This policy (together with any other documents we refer to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
WHO WE ARE
We (or “us”) means National Energy Action, a registered charitable company limited (company number 1853927, charity number 290511) whose registered address is 6th Floor, West One, Forth Banks, Newcastle Upon Tyne, NE1 3PA.
We are registered with the Information Commissioner’s Office as a data controller under number Z847023X.
YOUR INFORMATION
We may collect and process your personal information by you giving that information to us, us collecting that information about you, or us receiving it from other sources.
- information provided by you
You may give us information about you by completing forms, engaging with us via our website, or by corresponding with us by ‘phone, e-mail or otherwise. This includes information you provide if you register to use our site, subscribe to or enquire about our services, attend or take part in our training sessions, become a beneficiary of us, subscribe to mailing lists via our website, participate in discussion boards or other social media functions on our site, submit a survey, and when you report a problem with us via our complaints procedure. The information you give us on our website and through other means may include:
- your name,
- address,
- e-mail address
- phone number,
- date of birth,
- financial details and information,
- personal description,
- family details including dependants’ personal information and next of kin details,
- lifestyle and social circumstances,
- education and employment details including employment status/history,
- physical or mental health details,
- racial or ethnic origin,
- religious or other beliefs of a similar nature,
- offences and alleged offences committed,
- criminal proceedings outcomes and sentences,
- trade union membership, and
- medical information.
- information collected by us
When you visit our website we may automatically collect (using “cookies”) the following information:
- Technical information, including the Internet Protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
- About your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), services and pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-hovers), and methods used to browse away from the page and any phone number used to call our switchboard, individual extension or direct dial.
When you visit our premises, attend a training session, or an employee or volunteer delivers one of our workshops or community engagement sessions, or comes to your home or workplace, or if you agree to take part in our research, we may automatically collect the following information:
- Data from the CCTV systems in use throughout our premises[1].
- Details of your attendance at training or other educational sessions, including our Annual Conferences.
- Details of when and for what purpose an employee or volunteer attending your household.
- Your feedback relating to our services.
- Information about your marketing preferences.
- Information contained in and records of communications between us and you.
- Information relating to the project or service you have received or to which your enquiry relates.
- Information collected in the provision of face to face advice sessions
- Information collected during the carrying out of social research (including but not limited to benefit entitlement and other income).
- information received from third parties
We may receive information about you from third parties such your employer, relevant local authorities, social housing providers, other charities whose services you access, energy companies and other partners in our projects and other organisations referring you to our services. In the case of prospective employees we will request certain personal information of referees. When that data is collected from you, you should be informed by those third parties at that stage that it may be shared with us and combined with data collected from multiple sources, unless that third party is exempted from such a requirement. You should also be informed of the purposes for which that data is going to be collected and used.
We also work with third parties (including project delivery partners and other partners, sub-contractors, advertising agencies, analytics providers and search information providers) and may receive information about you from them.
SENSITIVE PERSONAL DATA
We may collect certain sensitive personal information about you, as detailed in the list above. We collect and use this information for statistical and equal opportunities purposes and may share this with organisations that fund relevant projects on an aggregated and anonymised basis.
In addition, we receive funding for certain support and services provided on the condition that such support and services are provided to individuals with certain requirements or needs. We therefore may need to collect sensitive personal information from you where you wish to access such a service to be able to evidence that we are adhering to such conditions.
We will obtain your explicit consent before we process this type of personal information.
USING YOUR INFORMATION
We process personal data to enable us to further our charitable objects in relieving poverty and preserving and protecting health, advancing public education and promoting training. This includes processing personal data to administer membership records, fundraise and promote our charitable interests, manage our employees and volunteers and maintaining our own accounts and records.
We have set out below the personal information we collect or hold about you, along with our lawful reason for using that information. Personal information will only be used as stated for the said purposes and/or in such other circumstances where there is an obligations to do so, or as the law permits, or where we have consent to use it in the circumstances. Where we rely on legitimate interests, we have specified those interests below.
- To communicate with you about support or services we are providing to you – this is in our legitimate interests in order to process and administer these activities.
- To manage our activities – this is in our legitimate interests because it furthers our aims, objectives and business.
- To resolve queries and enquiries relating to our services – this is in our legitimate interests in order to administer our services.
- To manage a dispute, appeal or complaint – this is in our legitimate interests in order to administer our services and benefit the interests of beneficiaries and service users.
- To operate our processing and management information systems – this is in our legitimate interests in order to administer our services.
- To manage and operate our services – this is in our legitimate interests in order to administer our services.
- To notify you about changes to our services – this is in our legitimate interests in order to administer our services.
- To process grant applications and provide feedback on an application – this is in our legitimate interests in order to administer our services.
- To make payments to successful grant recipients – this is in our legitimate interests in order to administer our services.
- To prepare materials for use in training courses – this is in our legitimate interests in order to administer our services.
- To undertake an audit and statistical analysis in relation to the evaluation of research and the study of trends in relation to our services – this is in our legitimate interests in order to administer our services effectively and efficiently and help further our aims, objectives and business.
- To report to project delivery partners and funders – this is in our legitimate interests in order to comply with its obligations to those parties.
- To invite participation in surveys to provide feedback in relation to the services provided – this is in our legitimate interests in order to improve the services beneficiaries receive.
- To notify you of project, course or examination details (as applicable) for a service you have agreed to receive – this is in our legitimate interests in order to administer our services.
- To communicate with supporters and volunteers about our activities – this is in our legitimate interests in order to administer our organisation effectively and attract more support.
- To comply with any legal or regulatory obligations – this is to comply with our legal obligations.
- Use of CCTV images – this is in our legitimate interests in order to ensure the safety and security of staff and service users.
Where you have provided clear consent, we may also use personal information:
- To provide you with information about other services we offer that are similar to those that you have already enquired about or received from us; and
- To provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. Where we permit selected third parties to use your data we (or they) will only contact you by electronic means if you have expressly consented to this. If you do not want us to use your data in this way, or do not want your details to be passed onto third parties for marketing purposes, please DO NOT tick the box on the form on which we collect your data.
Where you provide personal data to us which relates to a third party either during the course of receiving support or services from us, providing that information confirms that you have obtained clear consent from that third party to share their personal information with us and you have made the information in this notice available to the third party.
Where we receive information from other sources, we may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for one or more of the purposes set out above (depending on the types of information we receive).
DISCLOSING YOUR INFORMATION
You agree that we can share your personal data with:
- our suppliers and sub-contractors (including, but not limited to third party energy providers or their industry regulators) for the performance of any contract we enter into with them to allow us to provide services to you, where they are under a duty to deal with your personal data in accordance with data protection legislation at that time in force in England and Wales;
- project delivery partners (as notified to you from time to time regarding our project(s) in which you are involved) for the performance of any services provided to you, where they are under a duty to deal with your personal data in accordance with data protection legislation at that time in force in England and Wales; this may also be for statistical analysis, reporting and research purposes;
- where anonymised or aggregated data is shared with third parties, in certain circumstances the third party may be able to use this in combination with information they already hold to re-identify individuals;
- funders and other organisations (as notified to you from time to time regarding our project(s) in which you are involved) with whom we have contracted for delivering and administering grants;
- other companies in the same corporate structure as us, as well as other voluntary and charitable organisations, where there is a lawful basis for doing so and they are under a duty to deal with your personal data in accordance with data protection legislation at that time in force in England and Wales;
- survey and research organisations, financial organisations, educator and examining bodies, business associates and professional advisers, and healthcare, social and welfare organisations (as notified to you from time to time regarding our project(s) in which you are involved), where there is a lawful basis for doing so and they are under a duty to deal with your personal data in accordance with data protection legislation at that time in force in England and Wales;
- external agencies and organisations (including the police, the relevant local authority and other law enforcement agencies) for the purpose of complying with the applicable legal and regulatory obligations.
- analytics and search engine providers that assist us in the improvement and optimisation of our site.
- HM Revenue and Customs and other statutory organisations as requires for the purposes of complying with our legal or statutory obligations.
We will disclose your personal data to other third parties:
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- in the event that we are required or advised to do so as a result of any legislative or regulatory requirements or as we are required to in order to comply with such requirements (including, but not limited to, disclosing personal data to the Information Commissioner’s Office, the Charity Commission, Ofgem and Central Government);
- in order to enforce or apply our terms of use or terms and conditions of supply of services and other agreements;
- to protect the rights, property or safety of National Energy Action, our customers, our beneficiaries, or others. This includes exchanging information with other companies and organisations for the purposes of fraud and crime protection; or
- in other situations where we have your clear consent to do so.
WHERE WE STORE YOUR PERSONAL DATA
The data that we collect from you may be transferred overseas. When this is needed information is only shared within the European Economic Area (“EEA”). By providing us with your personal data, you agree to this transfer, storing and/or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
It is our policy to ensure all personal information we hold is handled correctly and appropriately according to the nature of the information, the risk associated with mishandling that information, including the damage that could be caused to you as a result of loss, corruption and/or accidental disclosure of any such information, and in accordance with any applicable legal requirements. All information you provide to us is stored on our secure servers or on secure servers operated by a third party. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site (such as our Members’ Area), you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
YOUR RIGHTS
You have a right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. If you have given us permission to disclose information about you to a third party for marketing purposes, you may revoke that permission at any time by contacting us at info@nea.org.uk or 0191 261 5677.
You also have other rights under data protection law, which apply in certain circumstances and are subject to certain exemptions. In summary these include:
- Right to Access: to access all data we hold about you.
- Right to Rectify: to correct personal information we hold about you which is incorrect or incomplete.
- Right to Erasure: that we erase all data we hold about you, if the data is no longer being used for the purposes you have consented to or if you revoke your consent (as detailed above).
- Right to Data Portability: to easily copy or transfer the data we hold about you from us to another service provider.
- Right to Restrict use of personal data: the right to suspend our use of your personal information in certain circumstances.
- Right to complain: the right to complain to the ICO if you consider we have not used your personal information in accordance with data protection law.
We ask that you send such requests to our contact details as listed above.
Our website may, from time to time, contain links to and from the websites of our project delivery partners, contractors and affiliate charities and organisations. If you follow a link to any of these websites, please note that they will have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data on these websites.
DATA RETENTION
We will not store your data for longer than is necessary. If you are a user or beneficiary of our services, then your information will be held for as long as you continue to use our services and for as long as is reasonably necessary for us to carry out our contractual obligations and/or charitable objects (if longer).
After this time, your personal data will be stored and then deleted in accordance with the requirements of any contract in place as notified to you from time to time regarding our project(s) in which you are involved. In all other cases, your personal data will be anonymised for statistical purposes and then deleted within 12 months of the date you stop using our services or retention of your personal data is reasonably necessary for us to carry out our contractual obligations and/or charitable objects (if longer).
Personal information is then destroyed safely and securely unless we are legally obliged to retain the data and/or transmit it to a regulatory or government body. For further information please contact info@nea.org.uk.
You should notify us (by email, telephone or in writing) if any personal information is incorrect or out of date. We will then update our records.
CHANGES TO OUR PRIVACY POLICY
Any changes we may make to our privacy policy in the future will be communicated by email, letter, pop-up on our website or other method of communication as we may consider appropriate. The updated policy will take effect as soon as it has been updated or as otherwise communicated to individuals.
CONTACT
Questions, comments and requests regarding this privacy policy should be sent to info@nea.org.uk. Alternatively, you can call us on 0191 261 5677 or writing to 6th Floor West One, Forth Banks, Newcastle Upon Tyne, NE1 3PA.
HOW TO COMPLAIN
If you do not feel satisfied after contacting NEA, then you have the right to complain to the Information Commissioner’s Office (the “ICO”) if you consider that we have not used your personal information in accordance with data protection law.
The ICO can be contacted on 0303 123 1113 or by visiting their website at www.ico.org.uk.
[1] Where our premises are within a larger business complex owned by our landlord or other third party, the landlord may have control and ownership of such CCTV systems for their own safety and security purposes and we may request access to recorded data where required.