Privacy Policy

Home » Privacy Policy

Last Updated: 24 October 2024

1.Introduction

“PE” is the brand name for the below listed legal entities who provide business solutions to businesses in the United Kingdom. This Privacy Notice applies to each legal entity using the brand name of “PE”. When we mention “we”, “us” or “our” in this Privacy Notice, we mean the relevant legal entity below which processes your personal data.

Company nameCompany numberRegistered addressRoleICO registration number
Pozitive Energy Ltd09523048

1 Canada Square,

10th Floor (North West), Canary Wharf, London, E14 5AB.

Licensed gas and electricity supplier under the Gas Act 1986 and the Electricity Act 1989, a provider of Electric Vehicle Charging (EVC) solutions and other environmental and energy-related services and smart tech solutionsZA204844
Pozitive Payments Ltd12300457

1 Canada Square,

10th Floor (North West), Canary Wharf, London, E14 5AB.

Independent Sales Organisation Agent authorised by the Financial Conduct Authority the Payment Service Regulations 2017, FCA No.806630ZB229055
Pozitive Telecom Ltd07764492

1 Canada Square,

10th Floor (North West), Canary Wharf, London, E14 5AB.

Mobile Virtual Network Operator registered with Ofcom.ZB537181
Pozitive Water Limited10797006

1 Canada Square,

10th Floor (North West), Canary Wharf, London, E14 5AB.

Licensed water and sewerage retailer under the Water Industry Act 1991, water licence number 057/2017/WF and sewerage licence number 056/2017/SLZA260169

We are the data controller for your personal data, whether you are a prospective customer, a customer, or a beneficiary of the products and services e.g. when you use our Electric Vehicle Charging (EVC) station. Details of our Information Commissioner’s Office (ICO) registrations can be found above.

We are responsible for deciding how we process personal information about you and this Privacy Notice sets out how we process this information. We will let you know which entity will be the controller for your data when you purchase or otherwise receive a product or service from us whether as a customer or beneficiary.

We offer business products and services to customers including power, gas, telecommunications, water, sewerage and financial services. The personal data we process is used to manage our commercial relationship with you, comply with legal obligations and pursue our legitimate business interests. This website and our products and services are not intended for children, and we do not knowingly collect data relating to children.

Any changes we may make to this Privacy Notice will be updated on our website and, where appropriate, notified to you in writing.

We have appointed a Data Protection Manager who is responsible for overseeing questions in relation to this Privacy Notice and our controlling and processing of data. Should you have any queries relating to this notice, please contact our Data Protection Manager using the address at the start of this privacy policy, so that they can do their very best to sort out the problem, or email us at: datacontroller@pe.solutions.

2    Data we collect

We will only ask for information that we need. We collect personal data to be able to provide our products and services to you (whether as a customer, prospective customer, or beneficiary of the product or service). Where necessary, we will also collect personal data from others associated with you (collectively referred to as “you” for the purpose of this privacy policy), for example, if they are a beneficiary of the product or service e.g. your employees, contractors, agents or relatives. By giving us information about someone else for the purpose of arranging a product delivery or service, you confirm that you have their permission to do so (or, if necessary, another lawful basis), and that you have shared this Privacy Notice with them.

We collect, use, store and transfer different kinds of personal data about you, depending on the product or service we provide to you. We have grouped the data together as follows:

  • Identity Data includes first name, last name, title, gender, date of birth, identification numbers including copies of your passport, visa, driving licence, home address, personal telephone number, personal e-mail address meter point details or device identifier.
  • Health Data includes information in relation to vulnerabilities or impairments that may affect how products or services are accessed.
  • Contact Data includes billing address, business e-mail address and business telephone numbers.
  • Financial Data includes bank account(s), payment card(s) details.
  • Transaction Data includes details about payments to and from you, other details of products or services you have purchased from us.
  • Technical Data includes Internet Protocol (IP) address, your login data, browser type and version. Please see our cookie policy [ https://pe.solutions/cookie-policy/ ] for further details. The technical data we collect also includes your mobile device time zone setting and location, location history, mobile device telemetry data, mobile device data if you receive a telecommunications product or service from us.
  • Profile Data includes your preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website, products and services. It also includes information about how you use our products or services which will depend on the product or service. For example, it may include your gas, power and any other associated information or in the case of telecommunications, communications you made and received, websites you visited, performance metrics for example duration, time and cost of the communications, frequency of website access, service quality data. If you use our EVC station we will collect details about your charging session, including: start and end date and time, vehicle registration number, consumption and location of the EVC station (“EVC Data”).
  • Marketing and Communications Data includes your preferences in receiving marketing from us.
  • Other Personal Data includes personal data you otherwise voluntarily provide, for example when corresponding in writing (including via email or other electronic means), in meetings or during phone conversations or entered into any of our websites.

The personal data collected will depend on whether you are a prospective customer, customer or beneficiary of the product or service, the type of product or service you receive and whether you are a domestic customer, sole trader or corporate entity.

The majority of the personal data provided by you is mandatory in order for us to administer our relationship with you and perform our obligations under our contract(s) with you and/or comply with statutory requirements relating to the products or services we provide to you. Failure to provide mandatory personal data may affect our ability to deliver a product or perform a service and potentially affect your ongoing client relationship with us.

We take the security of personal data very seriously. We have administrative, physical and technical safeguards in place to protect personal data against unlawful or unauthorised processing, or accidental loss or damage. We will ensure, where personal data are processed that:

  • The processing is recorded, and the record sets out, where possible, a suitable time period for the safe and permanent erasure of the different categories of data in accordance with our Data Retention Policy.
  • Where we no longer require personal data for the purpose for which it was collected, we will delete it or render it permanently anonymous as soon as possible.
  • Where records are destroyed we will ensure that they are safely and permanently disposed of. The list set out above is not exhaustive, and there may be other personal data which we may collect, store and use in the context of the client relationship.

 

3    How we use your data and the lawful basis

By law, we are required to explain what information we collect from you and how and why we use your personal information (the “processing activity”). We are also required to have a “lawful basis” on which to process your personal information. This is summarised in the table below.

Where we use your data to test, develop and improve our products and services the data will be anonymised.

Purpose/ActivityType of dataLawful basis for processing including basis of legitimate interestWhere is the information collected from?How long do we keep the information for?
To offer you a contract, register you as a new customer or renew your contract

(a) Identity

(b) Contact

(c) Financial

(d) Usage

(a) Necessary for our legitimate interest (to offer you a contract)

(b) Performance of a contract with you

From you or company acting on your behalf when you or they contact us by phone or email, or when you or they use our website, including our customer portal.

From operators of industry systems, processes and data.

From information in the public domain.

3 years except for call recordings.

3 months for call recordings.

To manage your account including:

(a) Managing payments, fees and charges

(b) Collecting and recover money owed to us

(a) Identity

(b) Contact

(c) Financial

(d) Usage

(e) Marketing and Communications

(f) Transaction

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to recover debts due to us)

From you or company acting on your behalf when you or they contact us by phone or email, or when you or they use our website, including our customer portal.

3 years except for call recordings and EVC Data.

1 year EVC Data.

3 months for call recordings.

To manage our relationship with you which will include:

(a) Notifying you about contact end, changes to our terms or privacy notice

(b) Asking you to leave a review or take a survey

(c) Maintaining the Priority Services Register

(d) Monitoring service levels

(a) Identity

(b) Contact

(c) Profile

(d) Technical

(e) Marketing and Communications

(f) Health

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated, give you access to Priority Services or services available to Vulnerable Customers, and to study how customers use our services)

(d) Necessary for our legitimate interest to ensure we provide you with accurate results of our network

From you or company acting on your behalf when you or they contact us by phone or email, or when you or they use our website, including our customer portal.

From operators of industry systems, processes and data.

3 years except for call recordings and cookies.

3 months for call recordings.

Please refer to the cookie policy [https://pe.solutions/cookie-policy/]for the retention periods.

To administer and protect our business and this website which will include troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data(a) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or restructuring exercise)

(b) Necessary to comply with a legal obligation

From the technology which you use to access our products or services (for example an IP address or telephone number) and how you use it.

3 years except for call recordings and cookies.

3 months for call recordings.

Please refer to the cookie policy [https://pe.solutions/cookie-policy/] for the retention periods.

To use data analytics to improve our website, products or services, marketing, customer relationships and experiences

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).From the technology which you use to access our products or services (for example an IP address or telephone number) and how you use it.

3 years except for cookies.

Please refer to the cookie policy [https://pe.solutions/cookie-policy/] for the retention periods.

To market our products and services (including promotional offers) of our associated companies

(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

(f) Marketing and Communications

(a) Consent

(b) Necessary for our legitimate interests (to develop our products and services and grow our business)

From you or company acting on your behalf when you or they contact us by phone or email, or when you or they use our website, including our customer portal.

3 years except for call recordings and cookies.

3 months for call recordings.

Please refer to the cookie policy [https://pe.solutions/cookie-policy/] for the retention periods.

To undertake checks for the purposes of preventing fraud and money laundering and to verify your identity

(a) Identity

(b) Contact

(c)Financial

(d) Technical

(a) Necessary for our legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws and meet the regulatory requirements that apply to us.

(b) Necessary to comply with a legal obligation

From you, third parties e.g. credit reference agencies and public sources.

3 years except for cookies.

Please refer to the cookie policy [https://pe.solutions/cookie-policy/] for the retention periods.

 

3.1         Credit reference and fraud prevention considerations

Before we deliver a product to you or provide a service, we undertake checks for the purposes of preventing fraud and money laundering and to verify your identity. These checks require us to process personal data about you.

We also continue to exchange information about you with Credit Reference Agencies (CRAs) on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at http://www.experian.co.uk/crain/index.html.

3.2 Automated Decisions

As part of the processing of your personal data, decisions may be made by automated means. This means we may use automated processing methods to assess if you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision-making, so if you want to know more please Contact us on the details below.

3.3 Consequences of Processing

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to deliver the product or provide the service you have requested or we may prevent you from using existing products or stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details below Contact us on the details below.

4    Who we share your personal data with

Your personal data may be shared between the entities operating under the brand of PE and with third parties to fulfil part of the contract between us and them to enable us or them to provide the products or services to you and to comply with legal obligations.

Third parties include:

  • Organisations who provide us with IT and system administration services.
  • Organisations who provide us with administration and processing services in order to manage your account and maintain our relationships with you and for ongoing customer service.
  • Organisations that market our products and services.
  • CRAs, law enforcement agencies, fraud prevention agencies, judicial bodies or tax authorities.
  • Government entities, authorities, regulatory and industry bodies. For example:
    • For the purpose of monitoring the performance of a task carried out in the public interest we to share meter point data of customers who received a government discount on their energy bills with Department Energy Security and Net Zero.
    • To comply with legal obligations, we supply information about customers who benefit from the Feed-in Tariff or Smart Export Guarantee to Ofgem.
    • To comply with legal obligations we provide meter point data of customers who we supply energy including those who are subject to energy theft investigations to the Retail Energy Code Company.
  • For the purpose of fulfilling obligations under the Market Arrangements Code (https://mosl.co.uk/market-codes) and assisting us and other industry participants with carrying out industry activities, we share certain Identity, Contact and Usage Data (“Market Personal Data”) with Market Operator Services Limited (“MOSL”). We and MOSL are joint controllers of the Market Personal Data and the privacy notice describing how the Market Personal Data is processed can be found here [https://mosl.co.uk/privacy-policies].
  • Where you switch service providers, the incoming provider.
  • Financial institutions if you enter into a handset and airtime agreement in case of telecommunications.
  • Organisations providing payment services which manage payments and direct debit instructions on our behalf in order to collect payments from you.
  • Accountants, lawyers, notaries and other professional advisers when considering, structuring, documenting, concluding, terminating, varying, amending or renewing a particular transaction already in place with you.
  • Companies that provide you with benefits or services associated with your product or service where permitted by law (your consent may be required to do this).
  • Organisations that manage our meter estate and data in order to ensure that your metering is in a working order and you are billed accurately for your products or services.
  • Wholesale, distribution, and transportation companies in order to deliver the product or service and, as applicable, comply with legal obligations in our licence and industry codes.
  • Revenue protection and debt collection services in order to enable debt recovery.
  • Organisations that help you with complaints management in order to respond to a complaint you made about us.
  • Research agencies in order to gain your feedback following a smart meter installation and other surveys.
  • Brokers to pursue our legitimate business interests in order to keep you informed of products and services that are available from us or may be of interest where permitted by law (your consent may be required to do this.)
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

5 Data security

We have policies, rules and technical and organisational measures in place to protect your personal data from unauthorised or unlawful processing and against accidental loss, destruction or damage.

We also have procedures in place to deal with any data security breach. We will notify you and any applicable regulator of a data security breach where we are legally required to do so.

Communications between you and us may route through a number of countries before being delivered, may be intercepted by third parties and may not always reach the intended recipient – this is the nature of the World Wide Web/Internet. We cannot accept responsibility for any such unauthorised access or loss of personal information that is beyond our control.

You are responsible for protecting your username and password and must not share it with, or disclose it, to anyone.

6 International transfers of Personal Data

Your personal data may be shared with organisations based outside of the UK. These countries may not have the same data protection laws as the country in which you initially provided the information and may not provide the same level of protection.

If we transfer personal data outside of the UK, we may rely on a decision from the Secretary of State determining that the recipient country provides an adequate level of protection. Alternatively, we rely on appropriate safeguards in respect of transfers of personal data to a country outside of the UK, for example, by agreeing standard contractual clauses adopted by the ICO.

7 Your rights

Data protection laws provide you, as an individual, rights to:

  • access – you can request access to your personal information (a data subject access request), so you can check what data we hold about you and are using it in accordance with the law.
  • rectification – you can ask us to correct personal information that we hold about you.
  • erasure – you can ask us to delete your personal data where there is no good reason for us to hold this data. You can also ask us to delete or remove your personal information where you have exercised your right to object to processing.
  • restriction of processing – you can ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • data portability – you can ask for a copy of the data we hold about you, in an accessible format and the right to transfer it, or to require us to transfer it directly, to another controller.
  • object to processing – you can object to the processing of your personal information and there is something about your particular situation which makes you want to object to processing on this ground.
  • not to be subject to automated decisions – You have the right to object to any automated decision making, including profiling, where the decision has a legal or significant impact on you.
  • withdraw consent – you have the right to withdraw your consent where we are relying on it to use your personal data; and
  • objection to marketing – you have the right to withdraw your consent to receive digital marketing material.

No fee is required to claim any of these rights. However, we may charge a reasonable fee or refuse to comply if your request for access is considered to be unfounded or excessive.  If you wish to exercise any of your rights, please contact us using the details set out below.

8 Complaints, requests exercise your rights and our contact details

If you have any queries or concerns regarding our processing of your personal data, would like to exercise any of your rights or would otherwise like to make a complaint, please contact our Data Protection Manager in the first instance at datacontroller@pe.solutions.

You have the right to make a complaint at any time to the Information Commissioner’s Office. Their contact details are:

Telephone: 0303 123 1113
Email: casework@ico.org.uk
Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Website: www.ico.org.uk

However, please contact us in the first instance if you have any issue that you wish to discuss.

Enquiry Form

Boost your business' control and bottom line by
switching to PE