Alt HAN Co is a vehicle established to allow all GB energy suppliers to deliver Alternative Home Area Network (Alt HAN) technological solutions and services. Our work includes assessing for the deployment of smart metering devices and technological solutions to allow smart meters to communicate with each other, otherwise known as Alt HAN equipment. Alt HAN Co is committed to protecting your privacy and compliance with all relevant legislation, including the General Data Protection Regulation (GDPR), where this applies to EU citizens, in addition to the ePrivacy Directive (implemented in the UK as the Privacy and Electronic Communications Regulations) and other applicable legislation.
Typically, we will collect the personal data of energy customers, and residents and landlords in premises that may be suitable to benefit from Alt HAN services, in addition to staff at our suppliers, contractors, partners and other third parties. This will include the following:
Contact & Business Details. You may give us your Contact Details by filling in forms on our website, through an existing business relationship with your company, or through the course of research or surveys conducted in the deployment of Alt HAN services. We may use this information to contact you or in the course of the provision of services to you. This information could also be collected through your interaction with Alt HAN Co in the course of business, including where you provide services to Alt HAN, as is related to the installation of Alt HAN smart metering equipment in your building, or when you submit a complaint to us or make any other request. This will include information such as:
• Your name
• Position and Company
• Phone number
• Physical address
• Email address
• Contact preferences (for marketing purposes)
• Country or location
Financial Details. Where we need to make a payment to you or your organisation, or issue an invoice, we many collect your financial details in order to facilitate this. Generally, this will include:
• Bank name and sort code
• Bank account number
Energy Data. Where you are a resident at a building that may be suitable for the deployment of Alt HAN equipment, or otherwise fall within the remit of smart metering as an energy customer, we may process personal data specific to your smart meter, including meter serial numbers (MPANs, MPRNs, MPxNs). We may receive such data from external energy databases such as those provided by Xoserve and Electralink , as well as directly from your energy supplier. We may also process limited meter reads and consumption data for short durations, as incidentally collected by Alt HAN Co or your energy supplier during the testing of smart metering equipment. We process such data in line with the Smart Energy Code (SEC), which provides the basis for our business processes and use of this data.
Building Data. Where you are a resident, tenant, owner or other occupant at a building that may be suitable for the deployment of Alt HAN equipment, or otherwise fall within the remit of smart metering as an energy customer, we may also collect and store information about your premise, including its address and postcode, from external energy databases. We use this information to conduct a market sizing analysis of the suitability of business premises for Alt HAN smart metering equipment. This will generally not be considered personal information, and will largely consist of location (e.g. GPS coordinates), building measurements and specifications.
Technical Data. Similarly to other websites, we may also collect information from your device and store it in log files, as you interact with our website or websites hosted by our third party partners or cookies embedded in our website, in order to support your website experience and interactions with us. This information could include data on your IP Address, Location, device identifiers and information on links that you click on or content that you view.
Other Information. We may also collect information relating to an activity/complaint or engagement with the member of the public. We may also collect information in relation to Health and Safety incidents that occur with respect to our sub-contractors/surveyors when conducting surveys on-site, as part of our Health and Safety duty of care. This information will be anonymised where possible.
We may also process photographs/video/audio recordings of energy supplier’s employees and other attendees, as collected at Accelerated Solutions Environment (ASE) events as part of the course of our business activities.
Moreover, our surveyors (sub-contractors) may also take photographs of particular residences in the course of surveying them for market sizing activities, which may incidentally include photographs of residents (although we take steps to check and remove photos that include images of residents).
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
This applies where you have given us consent to the processing. We do not generally collect personal data with consent, except perhaps when you have given us consent to send marketing information to you. Where you have given consent, you have the right to withdraw consent to marketing at any time by contacting us.
We may rely on our legitimate interests (or those of a third party) – including in the context of maintaining information on complaints from residents and members of the public and engaging in certain communications about Alt HAN services, where your interests and fundamental rights do not override those interests.
Performance of a contract
We may also process your data for the performance of a contract we have with you or your organisation. This will include, for example, processing information of subcontractors’ staff, and processing data of suppliers and other parties in relation to the installation of Alt HAN Equipment.
We may also store your personal data where we need to comply with a legal obligation, such as obligations that apply to Alt HAN Co under the Smart Energy Code (SEC). This will also include processing data for Health and Safety assessments under our Health and Safety duty of care, and where we are obliged to retain payments records pursuant to financial obligations.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
We will retain the following data for the applicable periods below.
|Type of data||Retention period||Justification|
|Contact Details||Staff at our partners, suppliers, or third parties: For the duration of the business relationship, or 2 years since the last contact||To keep in contact with you in relation to Alt HAN services|
|Energy Data||Energy customers: For the duration of the provision of Alt HAN services/ Alt HAN Programme||To ensure the analysis of suitability for, and provision of Alt HAN services to, specific residences|
|Financial Details||6 years from the end of the financial year in which the payment was made||For processing payments and for our legal/financial obligations|
|Other Information||Photos from ASE events: For the duration of the provision of Alt HAN Services||For administering, carrying out and reporting progress at ASE events|
|Technical Data||Device identifiers/IP address/Cookies: Variable (See Cookies Policy below)||With your consent and/or to understand interactions with our website|
We store personal data within our UK and EEA-hosted servers and other third-party databases. These include:
• Microsoft Office 365/Sharepoint (with data stored in Microsoft Azure data centres in the UK)
• Database providers for HR and Customer Relationship Management (CRM) details (such as Huddle, where data is stored on Rackspace data centres in the UK; and JIRA, where data is stored on UK or EU data centres)
• Finance system providers (including Agresso, with information stored on data centres in UK)
We ensure that security controls are in place around these systems, including that access controls are limited to the appropriate staff and contractors needed (for operational purposes) to access those systems. Where we exchange personal data in attachments via email, we also use password-protection and encryption solutions where possible.
Alt HAN Inventory
The Alt HAN Inventory is a database we have developed with building and premise data, which we use to assess residences for their suitability for the deployment of Alt HAN equipment. This may also include information about residents, including Energy Data. We have several security safeguards in place around the Alt HAN Inventory, which involve i) VPN connections for remove logins, or permitting connections from certain buildings or addresses (such as our office) , or; ii) log-on credentials and 2 factor-authentication in a web-based version of the Inventory interface.
We may also transfer your personal data to our clients and third-parties, as detailed below.. Some of these third-party providers may have staff outside the UK or European Economic Area (EEA), and may access personal data, subject to suitable and secure safeguards. Where these are used, we typically ensure that such systems employ appropriate access controls to limit usage only to the necessary staff. These are discussed further in the section below.
We may share your personal data with the parties set out below. This will typically include in the following circumstances:
• Contractors and partners that we work with to carry out Alt HAN Co business processes (including the identification of residences for Alt HAN equipment), such as Capgemini, who act as an Operational Service Provider, and sub-contractors, such as Daly International
• Our core contractors, including Gemserv, Engage Consulting, Baringa and others, who provide operational and consultancy services to us
• Energy Suppliers, that we may work with to provide your residence with Alt HAN equipment
• Business partners, such as the Technology Services Vendor(s), who work on developing Alt HAN equipment
• Database providers where we store business data and personal data, such as Huddle, JIRA and others
• Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services
• HM Revenue & Customs, regulators and other authorities based in the United Kingdom, who require reporting of processing activities in certain circumstances.
• Public authorities who make lawful requests for the disclosure of information by Alt HAN Co, including to meet national security or law enforcement requirements
Alt HAN Co with enter into agreements with third-parties to ensure that they respect the security of your personal data, treat it in accordance with the law, and notify us if any security breaches occur.
Where we use such third-party providers as listed in Section 6, we take steps to enter into agreements to ensure that such third parties have the adequate safeguards in place, which include:
Generally, where data has been transferred from Alt HAN Co to other third parties outside the UK, we will ensure that any parties who receive such data have the appropriate measures to ensure secure transfers in place. In particular, this will include our sub-contractors and business partners, whose staff may access personal data on the Alt HAN Inventory from outside the UK, and may include some of our systems used for storing and sharing personal data.
Alt HAN Co will not transfer any data or allow any access to such data to such third parties until one of the following mechanisms are in place:
• An adequacy decision from the Secretary of State or Information Commissioner’s Office (ICO)
• UK-approved Standard Contractual Clauses
• Binding Corporate Rules that have been put into place
Under certain circumstances, you have rights under the GDPR and DPA in relation to your personal data, upon request:
• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully.
• Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Object to processing of your personal data where you feel it impacts on your fundamental rights and freedoms, by contacting us to inform us of this.
• Opt-out from marketing communications or newsletters we may send to you. You should request this by contacting us at email@example.com or replying to the marketing email you received with [OPT OUT].
To exercise these rights with respect to Energy Data, please contact your energy supplier in the first instance.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
A cookie is a small text file that is downloaded onto your computer when you visit our website and allows us to recognise you as a user. Typically, these contain two pieces of information: a site name and unique user ID. All information these cookies collect is aggregated and anonymous. Cookies are essential to the effective operation of our website. Cookies make the interaction between you and the website faster and easier. Cookies may also be set by the website you are visiting (first party cookies) or may be set by other websites who run content on the page you are viewing (third party cookies).
Cookies are generally collected across the following categories:
• Strictly Necessary: Cookies that are strictly necessary to enable you to move around our websites or to provide certain basic features
• Functional: Cookies that are used to enhance the functionality of the website, including by storing your preferences
• Performance: Cookies that track visitor statistics and user traffic that allow us to monitor the popularity of sections of our website (e.g. Google Analytics)
• Marketing: Cookies that are used to track users across pages or websites to build up a user profile and display advertisements relevant to them
Currently, we have the following cookies in use on the Alt HAN Co website:
|COOKIE NAME/ID||CATEGORY||PURPOSE||RETENTION PERIOD|
|Complianz (cmplz_all, cmplz_choice, cmplz_id, cmplz_stats)||Strictly Necessary||Cookies used to record evidence of a user’s consent to cookies||1 year|
You may access our Cookie Consent Notice to opt-out of cookies at any time subsequently. For more information on how to manage cookies usage on your device, you can visit this link: Managing the Cookies Stored on Your Device
Please note that if you prefer to block some or all of the cookies Alt HAN Co uses, you might lose some of our website’s functionality.
DATA PROTECTION OFFICER
For the purposes of compliance with the law, our registered address is:
AltHAN Company Ltd.,
5 Norwich Street,
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. You can contact the ICO using the following:
Email address: firstname.lastname@example.org
Postal address: Information Commissioner’s Office (ICO)
Telephone number: +44 (0) 303 123 1113