Customers & Third Parties Privacy Notice

RF-QA-8016 REV 1.00

Last Updated: April 2024

We are committed to ensuring your privacy is protected. This privacy notice explains how we use the information we collect about you.

About this Notice

This privacy notice applies to the following data controllers:

1) Registered Company: Enerveo Limited (UK) No. 02317133

Registered Address: Second Floor, Eagle Court 2, Hatchford Way, Birmingham, B26 3RZ

2) Registered Company: Enerveo Ireland Limited (RoI) No. 476088

Registered Address: Unit 42, 528 Grant's View, Greenogue Business Park, Rathcoole, Co. Dublin, Republic of Ireland, D24 DVX7

These companies are referred to as “Enerveo”, “we” or “us” throughout this privacy notice. We will be the “controller” of the information you provide to us.

1. What information do we collect and how do we do it?

We, or third parties on our behalf, collect your personal data when you use our website, communicate with us by phone, letter, email, social media or in person or when you receive our products and/or services.

We may collect the following personal data and we refer to this as “personal data” throughout this notice:

Your name;
Gender;
Home address;
Telephone number(s);
E-mail address;
Date of birth;
Details of secondary contact (e.g. name and phone number);
Call recordings;
Customer ID numbers- when you register an account with us, we create and record a customer ID number for you and record the date you were registered;
Financial information;
Your preferences (e.g. Contact / Billing preferences);
Permissions;
Survey responses;
If you visit our website, we store your IP address, the browser software you use and your behaviour on our website (for example, the pages that you click on). This information is collected through cookies. More information on how we use cookies can be found in our cookie policies on the relevant website.

2. What do we do with your Personal Data?

We, or third-parties on our behalf, collect, use and store the personal data collected about you to:

Respond to any enquiries or issues you have, including directing you to the correct Enerveo support team;
Identify you;
Contact you, or authorised third parties, about our products and services- such as sending you service announcements and administrative messages;
Communicate with you by telephone, mail, email or other electronic means;
Enter into legal contracts with you;
Perform our obligations under any contract for the supply of products and services we have with you; • Train our staff and improve our products and services, which may mean that we monitor and record communications that we have with you including phone conversations, emails, SMSs and web chats; • Allow our engineers to visit you on site (where required), (e.g. to carry out work at your home) • Use data analytics to understand and improve the way we do things as a business; • Conduct, and contact you in relation to, market research e.g. through customer satisfaction surveys and questionnaires;
Identify offers and advice tailored to your needs or lifestyle;
Ensure the health and safety of you, our staff and contractors;
Respond to and/or resolve any enquiries or requests that you may make via social media; • Enable internal corporate reporting, business administration, adequate insurance coverage, the security of company facilities, research and development, and to identify and implement business efficiencies;
Comply with any procedures, laws and regulations which apply to us – including where we reasonably consider it is in our (or others) legitimate interests to comply;
Establish, exercise or defend our legal rights – including where we reasonably consider it is in our (or others) legitimate interests;
Facilitate the credit management process;
Allow us to process charges in the event of damage to our equipment;
To detect and prevent crime, fraud or loss: including carrying out checks on customers, suppliers and other third parties, which relate to activities such as anti-money laundering, countering terrorist financing and other unlawful acts (for example, illegal trafficking and environmental crime) and anti bribery and corruption requirements.

3. How do we use your Sensitive Personal Data?

We treat some of the information that we collect about you as being particularly sensitive, such as requirements for your welfare.

With your consent, we’ll collect this information about you (or a member of your household). This information may relate to health, disability or financial circumstances and we will use this information to:

Provide products and/or services to you in the most appropriate way e.g. if you require large print or braille communications;
Manage staff and third-party contractors; and/or
Provide you with the most appropriate customer experience where you attend an Enerveo event.

4. Marketing Communications

Unless you’ve asked us not to, we may contact you in writing, by phone and (where you have consented) via email or SMS with information on products, services and rewards that we, our group companies, and occasionally our carefully selected partners identified at the time we collect your information, offer. We may also use third parties to send marketing communications.

Unless you have asked us not to, we may also use your personal data to show you digital advertisements via your social media newsfeed, on search engine results pages, or on other websites.

Unless you have asked us not to, we may profile your data to provide you with marketing and offers that are relevant to you. If you opt out of profiling, we will still run analysis that includes your data, but any decisions or marketing output that result from that analysis will not be used to market to you. You will be sent generic marketing that may not be relevant to you.

To opt out of receiving marketing messages, or to object to our use of profiling for direct marketing purposes, contact us at any time using the details in section (11) or by replying to any marketing email that we send.

5. Legal Bases for Processing, Including Legitimate Interests

In order to process and use your personal data lawfully, we rely on the following legal bases:

Contract - for the performance of a contract with you for provision of our products and/or services or to take steps at your request prior to entering into such a contract;
Legal Obligation - to comply with our legal obligations;
Legitimate Interest - ensuring effective operational management and internal administration, document retention/storage, compliance with regulatory guidance, exercise or defence of legal claims, service improvement and communicating with you; and/or
Consent - where we market to you via email or SMS, or where we process special categories of data e.g. vulnerability information. If we rely on your consent in these ways, but you later change your mind, you may withdraw your consent by contacting us using the details in section 11 and we will stop doing so.

6. Who do we Share your Personal Data with?

We may share your personal information with the following categories of third parties:

Our third-party suppliers, partners and sub-contractors that provide, review and/or receive services in relation to our website, services and/or products. Our third-party suppliers include: payment processors; suppliers of technical support and installation services; cloud services providers and research agencies;
Local authorities, for example, where we are the street lighting sub-contractor; • Government or law enforcement officials- If we’re under a duty to disclose your information in order to comply with any legal obligation then we may disclose your personal data to meet national security or law enforcement requirements or to prevent illegal activity;
Debt collection & tracing agents if we provide you with a service and you fail to make payments; • Authorised third parties or named account holders on any account you hold with us; • If we sell, merge, or perform any internal re-organisations in relation to any of our (or any third party’s)

business or assets, the personal information will be one of the transferred assets to the relevant buyer and/or new data controller of such business or assets; and/or

7. How Long do we Hold it for?

We will keep your information only for as long as is necessary depending on the purpose for which it was provided.

When determining the relevant retention periods, we will take into account factors including:

our contractual obligations and rights in relation to the information involved; • legal obligation(s) under applicable law to retain data for a certain period of time; • (potential) disputes; and
guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your information once this is no longer needed.

8. Your Rights

You have the following rights regarding your information:


	Right to be Informed	You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we’re providing you with the information in this Privacy Notice.
	Right of Access	You have the right to obtain access to your personal data (if we’re processing it) and certain other information (similar to that provided in this Privacy Notice). This is so you’re aware and can check that we’re using your personal data in accordance with data protection law.
	Right to Rectification	You are entitled to have your personal data corrected if it’s inaccurate or incomplete.
	Right to Erasure	This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there’s no compelling reason for us to keep it. This is not an absolute right to erasure; there are exceptions.
	Right to Restrict Processing	You have rights to ‘block’ or suppress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further. [We keep lists of people who have asked for further use of their personal data to be ‘blocked’ to make sure the restriction is respected in future.]
	Right to Data Portability	You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
	Right to Object to Processing	You have the right to object to certain types of processing, in certain circumstances. In particular, the right to object to the processing of your personal data based on our legitimate interests or on public interest grounds; the right to object to processing for direct marketing purposes (including profiling); the right to object to the use of your personal data for scientific or historical research purposes or statistical purposes in certain circumstances.
	Right to Withdraw Consent	If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for direct marketing.

9. International Data Transfers

How is your personal data transferred outside of the European Economic Area (EEA) and the UK?

We, or a third party who we share personal data with, may transfer, host, store and/or handle your personal information outside of the UK or EEA. For example, where we and/or our service providers (including servers) are based outside of the UK or EEA.

We will only permit this to happen if adequate safeguards have been put in place to protect your personal data. For countries outside the UK or EEA, this means that we will:

a) ensure that the country in which your personal data will be handled has been deemed “adequate” by the European Commission under Article 45 of the General Data Protection Regulation (GDPR); or b) include standard data protection clauses approved by the European Commission for transferring personal data outside the EEA and the UK into our contracts with those third parties (these are the clauses approved under Article 46.2 of the GDPR).
Changes to this Notice

We may update our privacy notice from time to time. Any changes we make to our privacy notice in the future will be posted on the Enerveo (UK) and Enerveo Ireland (RoI) Websites and, where appropriate, notified to you by post or email.

For more information on your rights or if you would like to exercise any of your rights, you are welcome to contact us at the contact details set out below under “Contacting us”.

10. Contacting Us

If you would like to contact us in relation to your rights or if you are unhappy with how we have handled your information, you may do so using the following details:

Email: dataprotection@enerveo.com

Address: Enerveo: Data Protection, FAO Quality & Assurance, MacColl House, Woodrow, Eurocentral, North Lanarkshire, ML1 4YQ

11. Complaints

If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the relevant Data Protection Office.

Information Commissioner’s Office (ICO) (United Kingdom)

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: (+44) 303 123 1113

Website: www.ico.org.uk

Data Protection Commission (DPC) (Republic of Ireland)

Address: Data Protection Commission, 21 Fitzwilliam Square South, Dublin, Ireland, D02 RD28

Telephone: (+353) 87 103 0813

Website: www.dataprotection.ie