Effective Date of Privacy Statement: April 1, 2001 — Last Updated: May 25, 2018
We may amend this Policy from time to time in order to ensure the accuracy to which we describe our practices and procedures. You are encouraged to read this Policy carefully and from time to time to check our websites to learn of any new changes we may need to make. We would not make changes that affect your statutory rights or protections and freedoms under applicable data protection laws.
For the purposes of this Policy:
Consent is you the Data Subject’s freely given, specified, informed and unambiguous indication of your wishes by which you through a statement or clear affirmative action signified agreement to the Processing of your Personal Data.
Data Controller is a natural or legal person which alone or jointly with others determines the purposes and means of the Processing of Personal Data. For this Policy, Hudson Energy Supply UK Limited is the Data Processor.
Data Processor is a natural or legal person which Processes Personal Data on behalf of the Data Controller.
Personal Data is any information relating to an identified or an identifiable natural person (the Data Subject). A natural person can be identifiable directly or indirectly, such as by name, identification number, any online identifiers to factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing is an operation or any set of operations performed on Personal Data (whether or not by automated means) such as collection, recording, organisation, structuring, storage, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third Country is a country which the EU Commission has deemed to enforce laws that ensure an adequate level of protection and where we can transfer Personal Data to without specific authorisation from Data Subjects.
Ways In Which We Collect Your Personal Data
We collect your Personal Data when:
- 1. You visit our website: your device and browser may disclose certain information (such as device type, operating system, browser type, IP address, MAC number, dates and times our website was accessed and other information) that may be Personal Data.
- 2. You provide it to us: for example, when you input your information in an enrolment or application process in order to commence a contractual relationship with us by phone, online, etc.
- 3. Third parties provide it to us: for example, credit reference agencies, law enforcement, organisations to whom you have indicated you would be interested in energy-related products and services, etc.
Reasons We Collect Your Personal Data And The Grounds For Which We Process It
||Reasons why it is necessary to process
|Online identifiers such as IP address and device identifiers
||To study website and app usage and efficiencies in order to improve our products and services to you, including the operation of our websites and apps.
|Personal details such as your name, date of birth, address, etc.
||To enter into a contractual relationship to you, for example a contract of supply of energy or an application or a contract for employment.
|Contact details such as your phone number and email address
||In order to contact you about important information regarding your application or contract with us.
|Financial details such as your bank account number and cardholder name
||To arrange direct debit payments from you for supplied energy, or for paying you for work.
||If you are a customer of record and live with vulnerable persons such as someone elderly or disabled, we would keep that on record in order to place your priority registers.
|Education and work history
||To conduct referencing on you in the event that you apply for paid work with us.
We will process your Personal Data for the purposes set out above because:
- - you consented;
- - you have gained consent to supply another’s Personal Data, such as emergency contacts;
- - it is necessary for complying with a legal obligation;
- - it is pursuant to our legitimate interests, such as the pursuit for the payment of debt or the establishing, exercising and defending of our legal rights;
- - it is pursuant to a substantial public interest.
Any processing of your Personal Data by us will be done in a manner that is proportionate to the task pursued and with security measures to safeguard your rights and freedoms in relation to that information.
Disclosure To Third Parties
We may disclose your Personal Data to other entities within the Just Energy Group, Inc. family of companies for business purposes. In addition, we may disclose to:
- - background reference agencies;
- - anti-fraud services;
- - government, legal, regulatory or similar authorities such as ombudsmen as well as accreditation and licencing agencies where required, including for the purposes of the detection of unlawful actions or behaviour;
- - external professional advisors to the Just Energy Group, Inc. family of companies subject to obligations of confidentiality;
- - debt collection agencies;
- - data aggregation services;
- - third party service suppliers such as billing services and customer service administration;
- - any relevant party, complainant, investigator, auditor or court appointed agent;
- - any legal authority for the purposes of detection, prevention or investigation of crimes or threats to public safety;
- - potential third party acquirers in the event that we sell or transfer a portion or all of our business or assets.
We would only do so for the purposes of performing our contractual obligations to you or our legal obligations in general. From time to time, we may need to select recipients to process your Personal Data whom are in countries that are not Third Countries. These countries may be those where the governing data protection laws are of a lower standard than those that apply in the UK.
If we do disclose to third parties, whether they are in Third Countries or not we will ensure that they are contractually bound to:
- - process your Personal Data strictly as per our instructions;
- - use handling procedures that ensure the confidentiality and security of your information.
We implement technical and organisational measures specifically drawn to protect your Personal Data against unauthorised, accidental or unlawful access, loss, alteration and disclosure. These measures all aim to handling your information to achieve data minimisation. This means that we process selected pieces of your Personal Data given within your consent only as required for the task at hand. If the task does not require your Personal Data, that portion of your information will not get processed. If the task does require your Personal Data, we would pseudonymise it so that it is sent in files that separate that from the remainder of the information.
If your contractual relationship with us ends without any outstanding issues for resolution and without any outstanding legal obligations on our part to retain your Personal Data, we will remove it from our records within a reasonable amount of time after the end of that relationship.
If it ends with potential outstanding issues, we will retain your Personal Information:
- - for 6 years when that issue is reasonably identifiable;
- - for the duration of resolution of that issue until it is resolved entirely,
- - whichever is sooner. We would retain the minimum amount of your Personal Data as necessary in order to identify the relevant pieces of information relevant to
Whenever the removal of your Personal Data is due to be removed from our records, we will do so within a reasonable amount of time after that. We have processes which ensure the deletion of information after it is appropriate to do so and systematically, your information when it is due to be removed should be removed at the next cycle of systematic deletion.
You have certain statutory rights in relation to the Personal Data that we hold about you as your Data Controller, including:
- - the right to receive copies of the Personal Data we do hold;
- - confirmation of the nature of processing, whether we disclose it to third parties and where those third parties are located;
- - the right to request rectification of any inaccuracies in your Personal Data;
- - the right to request erasure of Personal Data which we have on record for you which is not strictly necessary to our performance of our contractual and legal obligations;
- - the right to withdraw your consent of our processing of your Personal Data to the extent that your withdrawn consent does not obstruct our performance of our contractual and legal obligations nor impairs our rights as Data Controller to maintain amounts of information regarding you in order to exercise our rights to legitimately use that data, for example in the pursuit of debt you owe us;
- - the right to lodge a complaint with an official data protection regulator should you feel that we have processed your Personal Data in contravention of your statutory rights and freedoms.
Contact Details Of Data Controller
If you have any questions about the application of this Policy or about your Personal Data which we as your Data Controller, please contact us at:
Hudson Energy Supply UK Limited (trading as Green Star Energy)
3/F Elder House 586-592 Elder Gate
Milton Keynes MK9 1LR