We are SSE plc (SC117119) of Inveralmond House, 200 Dunkeld Road, Perth, Perthshire, PH1 3AQ.
We use your information as further explained in this Privacy Notice. We’ll be the “controller” of the information you provide to us.
In addition to SSE plc, for the specific business areas outlined below, other SSE and any associated Joint Venture companies will also be controllers of your personal information:
Each of which are, together with SSE plc, referred to as “SSE”, “we” or “us” throughout this Privacy Notice.
What information do we need?
We may collect the following personal data about you:
As a renewable generator, SSE works closely with third-parties, sub-contractors and other regulatory bodies.
Why do we need it?
We need to know your basic personal data to be able to develop and construct our generation portfolio, maintain and operate our electricity generation assets. In particular, to communicate and conduct business with you. We may also collect specific information in order to enter into legal contracts with you.
Legal bases for processing
In order to process and use your personal information lawfully, we rely on the following legal bases:
What do we do with it?
The personal data is processed by our staff to:
Who do we share it with?
We may share your information with:
Unless you’ve asked us not to, we may contact you in writing, by phone and (where you have consented) via email or SMS with information on products, services and rewards that we, other companies within the SSE group, and occasionally our carefully selected partners identified at the time we collect your information, offer. We may use third parties to send marketing communications.
Unless you have asked us not to, we may also use your email address to show you digital advertisements via search engine results pages or on other websites.
Unless you have asked us not to, we may profile your data to provide you with marketing and offers that are relevant to you. If you opt out of profiling, we will still run analysis that includes your data, but any decisions or marketing output that result from that analysis will not be used to market to you. You will be sent generic marketing that may not be relevant to you.
Where you partially complete and/or abandon any information inputted into our website and/or other online forms, we may use this information to contact you to remind you to complete any outstanding information and/or for marketing purposes.
To opt out of receiving marketing messages, or to object to our use of profiling for direct marketing purposes, please contact us at any time verbally, by email or in writing using the details in the “Contacting Us” section below.
How long will we keep it?
We will keep your information only for as long as necessary depending on the purpose for which it was provided.
When determining the relevant retention periods, we will take into account factors including:
Otherwise, we securely erase your information once this is no longer needed.
International Data Transfers – How is your personal data transferred outside of the European Economic Area (EEA)?
We, or a third party who we share personal information with, may transfer, host, store and/or handle your personal information outside of the EEA. For example, where we and/or our service providers (including servers) are based outside of the EEA.
The EEA consists of countries in the European Union, Iceland, Liechtenstein and Norway and are all considered to have equivalent laws in data protection and privacy. During the Brexit transition phase and adequacy assessment, the UK including Northern Ireland, are also considered to have equivalent laws in data protection and privacy.
We will only permit this to happen if adequate safeguards have been put in place to protect your personal information. For countries outside the UK, this means that we will:
(a) ensure that the country in which your personal information will be handled has been deemed “adequate” by the European Commission under Article 45 of the General Data Protection Regulation (GDPR); or
(b) include standard data protection clauses approved by the European Commission for transferring personal information outside the EEA and the UK into our contracts with those third parties (these are the clauses approved under Article 46.2 of the GDPR).
You have the following rights regarding your information:
What does this mean?
1. Right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we’re providing you with the information in this Privacy Notice.
2. Right of access
You have the right to obtain access to your personal data (if we’re processing it) and certain other information (similar to that provided in this Privacy Notice). This is so you’re aware and can check that we’re using your personal data in accordance with data protection law.
3. Right to rectification
You are entitled to have your personal data corrected if it’s inaccurate or incomplete.
4. Right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there’s no compelling reason for us to keep it. This is not a general right to erasure; there are exceptions.
5. Right to restrict processing
You have rights to ‘block’ or suppress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further.
6. Right to data portability
You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
7. Right to object to processing
You have the right to object to certain types of processing in certain circumstances. In particular, the right to object to the processing of your personal data based on our legitimate interests or on public interest grounds; the right to object to processing for direct marketing purposes (including profiling); the right to object to the use of your personal data for scientific or historical research purposes or statistical purposes in certain circumstances.
8. Right to withdraw consent
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for direct marketing.
For more information on your rights or if you would like to exercise any of your rights, you are welcome to get in touch using the details in the “Contacting Us” section below.
If you would like to contact us in relation to your rights or if you are unhappy with how we’ve handled your information, you may contact us by sending an email to: firstname.lastname@example.org.
If you would like to contact our Data Protection Officer, you may do so using the following details:
Address: Data Protection Officer, No. 1 Forbury Place, 43 Forbury Road, Reading, RG1 3JH
If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the relevant Data Protection Office:
Data Protection Commissioner
21 Fitzwilliam Square
Data Protection Commissioner
R32 AP23 Co. Laois
Information Commissioner’s Office,
Notice updated February 2023