Introduction
The Student Energy Group believes in doing the right thing – always. We want you to know your rights regarding your personal data and what to expect when we collect and process it.
As a paperless company we need to ensure we hold the necessary information to contact you digitally regarding your account with us.
It’s important you take the time to read this Privacy Policy fully to keep informed.
What information do we collect?
When you sign up we ask for some basic information in order to provide you with our services; some of it is personal information.
To provision your account we collect the following information:
- Your full name
- Your e-mail address
- Your mobile number
- Your address
- Your date of birth
- Your payment information
- Your housemates’ contact information
We may also collect information about you or your housemates’ needs to help us understand if you have any special requirements as required by regulation. Where we request this there is always the option to not provide this.
If you work for one of our Business Customers we will collect the following information:
- Your full name
- Your business e-mail address
- Your business phone number
- Your position at the business
For job applications for vacancies at The Student Energy Group we will collect the following information:
- Your full name
- Your e-mail address
- Your phone number
- Your date of birth
- Information on your right to work in the United Kingdom
- Other relevant information you provide on your CV such as qualifications and career history
How do we use personal information?
Most of the personal information we process is provided directly by you to fulfil the contract between us. For example, to assist with support issues, to process payments, and to provide your payment notices. As a paperless company we use your e-mail and mobile number as primary contact points.
We also receive personal information indirectly from selected partners in the event you enquire with them regarding our services and consent for them to do so. The information exchanged will only be the data you provide and request to share with us. We will use this information to offer our services to you.
We use the information that you have given us in order to do the following:
- Fulfil our obligations as part of our contract with you
- Confirm your identity when you contact us
- Help you with any queries you contact us regarding
- Provide our services to you
- Manage our contracts with our suppliers
- Take and process payments
- Comply with any regulatory and legal obligations we are held to
- Comply with requests from law enforcement agencies
- Marketing purposes where you have given consent for us to do so
- Provide access to our website and our customer portals
- Improve our services
- Record calls for training and monitoring purposes
We may share this information with our suppliers and selected partners when and if required to fulfil our contract, such as if a visit to your property is required to provide our services or effect repairs or remediation to existing services. This data will be shared with them over the Internet using a secure connection and secure data storage, and kept for the minimum amount of time required for the contract to be fulfilled.
Payment card data security
We use a Payment Card Service Provider, Stripe Payments UK Ltd, to manage the registration of payment cards on behalf of customers and to manage payments taken from those payment cards to settle outstanding balances incurred by customers during the normal operation of their contract with us.
The Payment Card Service Provider acknowledges that it is responsible for the security of any cardholder data that it possesses, stores, processes, or transmits on behalf of The Student Energy Group and its customers, or to the extent that it could impact the security of The Student Energy Group’s cardholder data environment, in accordance with the requirements of the Payment Card Industry Data Security Standard (PCI DSS).
The Payment Card Service Provider agrees to maintain appropriate security controls and processes to protect this cardholder data from unauthorised access, disclosure, alteration, or destruction. In addition, the Payment Card Service Provider agrees to comply with all applicable PCI DSS requirements and to promptly notify The Student Energy Group in the event of any actual or suspected security breach involving cardholder data. The Payment Card Service Provider further agrees to cooperate fully with the customer in any investigation of such a breach and to take all necessary steps to remediate any security vulnerabilities or deficiencies identified in its systems or processes.
What legal basis do we have for processing your personal data?
Under the Data Protection Act (2018) and the UK General Data Protection Regulation (UK GDPR), any organisation must have a legal basis to process your personal information.
The lawful bases we rely on for processing this information are:
- Your consent
- We have a contractual obligation
- We have a legal obligation
- We have a legitimate interest
- We have a vital interest, in cases of vulnerable customers
- We need it to perform a public task, in cases of cooperation with regulators and law enforcement organisations
Withdrawing consent
You are able to remove your consent at any time by contacting our Information Compliance Manager by e-mail: informationcompliance@thestudentenergygroup.com. Please include your account number if you know it.
You must note, however, that withdrawing your consent does not automatically mean that we have to stop processing your personal data. If one or more of the other lawful bases still apply, we will continue to process your data on those bases until they have all ceased to apply.
Where do we store and process personal data?
We ensure that appropriate security measures are in place when handling your personal data. Information may be held at our office, service providers, and agents as described above.
All data is stored within data centres and storage facilities located within the UK or EEA.
How long do we keep your personal data for?
We will only ever retain your personal information for as long as is necessary for the performance of our contract or in accordance with our legal and regulatory obligations. If you enquire with us without entering into a contract with us we will retain your information for 12 months as legitimate interest.
We retain data to complete audits, identify returning customers, meet compliance requirements, and manage any legal claims.
We will destroy your personal data by obfuscating the data to remove any personal information.
Your data protection rights
Under data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your personal information. This process is known as a Data Subject Access Request (DSAR).
- Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you believe is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances. This process is known as a Data Erasure Request (DER).
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances, in a suitable electronic format and using a secure transmission method.
You are not required to pay any charge for exercising your rights. If you make a request (e.g. DSAR or DER), we have one month to complete this request, subject to suitable qualification and identification checks having been satisfied.
How do I exercise my right to rectification?
If you think the personal information we have stored about you is inaccurate or incomplete you have the right to ask us to correct and/or complete it. You are able to change some of your personal information in our customer portal. However, you can also ask us directly to rectify any issues, irrespective of portal availability.
Please e-mail our Information Compliance Manager at informationcompliance@thestudentenergygroup.com, providing information that we can use to identify your account and a description of the incorrect and/or incomplete data. Include the information we will require to put it right where appropriate.
How do I exercise my right to restrict processing of my personal information?
You have the right to request the restriction or suppression of your personal information. This is not an absolute right and only applies in certain circumstances.
Please e-mail our Information Compliance Manager at informationcompliance@thestudentenergygroup.com, providing information that we can use to identify your account. Please state the reason(s) why you wish to exercise your right to restrict the processing of your personal information. We will examine your request and respond to you confirming the validity of your request and when we will be fulfilling it, assuming it is valid.
How do we use information from credit reference agencies?
In order to process your order for services or your application for a vacancy with The Student Energy Group, we may supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations.
The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at: http://www.experian.co.uk/crain
How to contact us
Please e-mail our Information Compliance Manager at informationcompliance@thestudentenergygroup.com if you have any questions or wish to make a request.
How to complain
We take the protection of your personal data seriously and strive to maintain the highest standards in compliance with data protection legislation, including the UK General Data Protection Regulation (GDPR). If you believe that your data has been misused or that our organisation has not adequately kept it secure, please follow the steps outlined below to file a complaint.
In the first instance, please contact our Information Compliance Manager by e-mail: informationcompliance@thestudentenergygroup.com. Clearly outline the nature of your concern and provide as much detail as possible.
If you are not satisfied with the response from our ICM or prefer a formal written process, you can submit a written complaint. Address your written complaint to:
Information Compliance Manager
The Student Energy Group Ltd.
4th Floor, Regent House
50 Frederick Street
Birmingham
B1 3HR
Include your contact details, a clear and full description of the issue, and any supporting evidence you may have. Upon receiving your written complaint we will acknowledge its receipt within five working days. The acknowledgement will include a reference number for your convenience.
Our Information Compliance Manager will conduct a thorough investigation into your complaint, irrespective of whether it has been received by e-mail or in writing. We aim to complete the investigation within 30 calendar days, unless additional time is required, in which case you will be notified.
Following the investigation, we will provide you with a written response outlining our findings. If your complaint is upheld, we will detail the corrective actions taken or planned to address the issue.
If your complaint is not resolved to your satisfaction you have the right to contact the Information Commissioner’s Office (ICO). You have the right to contact the ICO at any time, whether or not you have already submitted a complaint to us; however, the ICO will recommend you first follow our complaints process if you have not already done so.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
- Helpline number: 0303 123 1113
- ICO website: https://www.gov.uk/
- ICO complaints information: https://www.gov.uk/data-protection/make-a-complaint