Privacy Notice
Leep Utilities Limited and its subsidiary companies (Leep) are committed to complying with the General Data Protection Act 2018. Looking after the personal information you share with us is very important and we want you to be confident that your personal data is kept safely and securely and you understand how we use it.
We have published this notice to help you understand:
· How and why Leep collect information from you
· Who we share your information with, why and on what basis
· What your rights are
Leep will be what is known as the ‘Data Controller’ of the personal data you provide to us, and we will sometimes refer to ourselves in this notice as “we” or “us”. By Data Controller, this means Leep determines the way in which any personal data is, or will be, processed.
Should you need to contact us please choose one of the following options:
Write to Leep Utilities, Level 2, Metro Building, 33 Trafford Road, Manchester M5 3NN
Call 0345 122 6786
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
What information we collect when you register and why?
When you take services from us, you are entering into a deemed contract and we will need to set up an account.
So we can set this up we will ask you to provide some personal information such as:
Full name
Address (and previous addresses)
Date of birth
Contact numbers
Email addresses
Health data (for customers signed up to our Priority Service Register)
If you wish to set up a direct debit payment, we will collect bank details from you and securely store this information.
As a credit customer, we get information about you from credit reference agencies. This is covered in more detail in the section Who we share your information with and why.
How do we use your information?
Data Protection stipulates that we are allowed to use and share your personal data only where we have a justified reason to do so. The Regulation provides we must have one or more of these reasons, which are:
Contract – your personal information is processed in order to fulfil a contractual arrangement e.g. in order to send you your billing information
Consent – you agree to us using your information in this way e.g. for storing your bank details
Legitimate Interests – allows Leep to provide you with the best service in the most secure and appropriate way e.g. to transfer your data to certain Third Parties
Legal Obligation – where there is a legal requirement to share the information e.g. when we have to share your information for law enforcement purposes or to report to regulators.
Who we share your information with and why
Leep works with a number of trusted suppliers, agencies and businesses in order to provide a high-quality service; working with credit reference agencies, fraud prevention agencies, technicians visiting your home, amongst others.
Some examples of the categories of third parties with whom we share your data are:
IT Companies
Leep works with businesses who support our website and other business systems.
Industry Bodies:
Information about your electricity connection may be shared with regulatory bodies. Such as the MRA by providing data to the Electricity Central Online Enquiry Service (ECOES)
Third Parties:
In the event of emergency, we may share your data with our third party contractors to make your supply safe.
Payment Processing Providers
Leep works with trusted third-party payment processing providers in order to securely take and manage payments.
Credit Reference Agencies
When you apply for credit with us we will undertake searches with Credit Reference Agencies (CRAs). We do this to offer our customers appropriate, affordable and flexible payment options. This also allows us to monitor potential fraud through the provision of false or inaccurate information.
We will continue to exchange information with CRAs for the lifetime of your account. Data held by the CRAs will be linked to the data of your spouse, any joint applicants or other financial associates.
We will use automated credit-scoring methods to assess your application and to confirm your identity. We will check your credit history against our lending criteria and if you don’t meet our requirements you will offered an alternative payment method. Further details regarding automated credit scoring are below. Should you wish to object to the use of automated credit scoring, please contact us using one of the following methods:
Call 0345 122 6786 or
Write to Leep Utilities, Level 2, Metro Building, 33 Trafford Road, Manchester M5 3NN.
For your information please us the link below to see the Credit Reference Agency Information Notice (CRAIN) whttp://www.experian.co.uk/crain/
Debt recovery and fraud prevention services
Before we provide services to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you. The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering and to verify your identity.
Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, and IP addresses. Together with fraud prevention agencies, we may enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
We process your personal data on the basis that we have a legitimate interest or is in the public interest, in preventing fraud and money laundering and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is a contractual requirement of the services or payment options you have requested.
We may share your data with both debt collection agencies and credit reference agencies to allow us to validate and/or update your data so that we can contact you, the purpose of which may be to discuss your debt position.
Fraud prevention agencies can hold your personal data for different periods of time and, if you are considered to be a fraud or money laundering risk, your data can be held for up to six years.
In addition, if Leep Utilities Limited, or any of its subsidiary companies, enters into a joint venture with, purchases or is sold to or merges with another business entity, your information may be disclosed or transferred to the target company, our new business partners or owners or their advisors.
Automated Decisions
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision-making: if you want to know more please contact us using the details above.
Consequences of Processing
If we, or a fraud prevention agency determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services or financing to you. If you have any questions about this, please contact us on the details above.
Data Transfers
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
Your Rights
Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.
For more information or to exercise your data protection rights, please contact us using the contact details above. You also have a right to complain to the Information Commissioner’s Office, which regulates the processing of personal data.
Transfers to countries outside the European Economic Area
Some of the information you provide to us may be transferred to our partners who may be based outside the European Economic Area (EEA). We undertake data security due diligence on our partners and ensure that that these partners conform to appropriate accreditations.
Wherever transfers of data to countries outside the EEA occurs, Leep will put in place an appropriate contractual provisions to ensure that there are strict rules regarding both the confidentiality and security of your information.
Keeping in touch with you
We want to keep you up to date with information about our services or improvements to our website. When you set your account up, we will ask you if you want to receive this type of information.
If you decide you do not want to receive this information you can request that we stop by:
writing to Leep at the above address or,
emailing dataprotection@leeputilities.co.uk or,
calling the Customer Services Team on 0345 122 6786.
Leep will not share your information with companies outside of Leep Utilities Limited and its subsidiary companies.
You may continue to receive mailings for a short period while your request is dealt with.
How long we keep your information
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.
We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under How we use your information above. The only exceptions to this are where:
the law requires us to hold your personal information for a longer period, or delete it sooner;
you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
Details of retention periods for different aspects of your personal data are available in our data retention policy which you can request from us by contacting us at the email address above.
What are your rights
You are entitled to request the following from Leep, these are called your Data Subject Rights and there is more information on these on the Information Commissioners website www.ico.org.uk
Right of access – to request access to your personal information and information about how we process it
Right to rectification – to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
Right to erasure (also known as the Right to be Forgotten) – to have your personal information erased.
Right to restriction of processing – to restrict processing of your personal information
Right to data portability - to electronically move, copy or transfer your personal information in a standard form
Right to object - to object to processing of your personal information
Rights with regards to automated individual decision making, including profiling – rights relating to automated decision making, including profiling
If you have any general questions about your rights or want to exercise your rights please contact us using one of the following methods:
Call 0345 122 6786 or
Write to Leep Utilities, Level 2, Metro Building, 33 Trafford Road, Manchester M5 3NN.
You have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live or where your legal rights have been infringed. The contact details for the Information Commissioner’s Office (ICO), the data protection regulator in the UK, are available on the ICO website www.ico.org.uk where your personal information has or is being used in a way that you believe does not comply with data, however, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.
Data security
We will always store your digital information on secure servers. Unfortunately, however, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our site or otherwise to our servers (such as by e-mail). Any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Cookies
We may use cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site from time to time. We also use cookies in order to ensure page continuity and for the interactive sections of our site. Visitors to our website who do not wish to have cookies placed on their IT equipment should set their browsers to refuse cookies before using our website. This will mean that some features of our site may not function properly without the aid of cookies.
Changes to our Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Any material changes we may make to our Privacy Notice in the future will be uploaded to our website and you will be deemed to have accepted the terms of the Privacy Notice either when you first use our website following the alterations, or when the revised version is exhibited to you. A copy of our Privacy Notice is also available on request by emailing dataprotection@leeputilities.co.uk