Energy Infrastructure Planning Privacy Statement

Introduction

When you take part in the national infrastructure consenting process or contact us for advice, the Department for Business, Energy and Industrial Strategy (BEIS) will respect your privacy and is committed to protecting your personal information. This Privacy Statement ('the Statement') will tell you how we look after your personal information and your rights in relation to your personal information and how the law protects you.

When we talk about personal information in this Statement, we mean any data which identifies you, such as your name or contact details. Your personal information may also include information about how you use the Energy Portal.

Index

1. Important information and who we are

2. The personal information we collect about you

3. How your personal information is collected

4. How we use your personal information

5. Data Retention

6. Disclosures of your personal information

7. Data Security

8. Your Rights

9. Complaints

1. Important information and who we are

BEIS is the data controller and responsible for your personal information. Our registered address is 1 Victoria St, Westminster, London SW1H 0ET.

We have appointed a Data Protection Officer ('DPO') who is responsible for overseeing our compliance with data protection laws and answering any questions about this Statement. The DPO can be contacted at: www.GDPR@beis.gov.uk

2. The personal information we collect about you

Personal information means any information about an individual from which that person can be identified. It does not include data where your identity has been removed (anonymous data).

For example, when you submit an application in the Energy Portal, register to receive information or email us directly, we may collect certain personal information from you. We may collect, use, store and transfer different kinds of personal information which we have grouped together as follows:

  • Identity data which includes your first, middle and/or surname, username or similar identifier and title;
  • Contact data which includes your postal and/or email address, telephone numbers and date of birth;
  • Transaction data which includes payments you have made for applications;
  • Technical data which includes internet protocol (IP) address, log in details, operating system and platform and other technology on devices you use;
  • Profile data which includes your username and password, applications submitted by you, preferences, feedback and consultation responses;
  • Usage data which includes information about how you use the portal;
  • Communication data which includes information on emails and updates you have subscribed to receive from us.
  • We do not usually collect any special categories of personal information such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic or biometric data or data about criminal convictions but we may process such data if you volunteer such information.

    3. How your personal information is collected

    We use different methods to collect personal information from and about you through:

  • Direct interactions such as corresponding with us by post, phone, emails or otherwise. Providing identity and contact details by creating an account in the Energy Portal, subscribing to receiving information from us, responding to consultations.
  • Automated technologies or interactions. As you interact with us, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this information by using cookies.
  • Technical data from Google Analytics (if applicable).
  • Contact and transaction data from providers of payment services.
  • 4. Why we might process your personal data and the legal basis for this

    We will only use your personal information when the law allows us to. Most commonly we will use your personal information in the following circumstances:

  • For the purposes of discharging our statutory functions including:
  • Gathering and publishing evidence and opinions including through consultations and carrying out research;
  • Licensing activities including granting a licence and other applications in respect of a licence;
  • Undertaking stewardship and other surveys;
  • Undertaking regulatory investigations.
  • Where we need to comply with a legal or other regulatory obligation;
  • To establish, exercise or defend legal rights;
  • To improve our services.
  • Consent:

    We may rely on consent as the legal basis for processing your personal information. You have the right to withdraw your consent as the basis on which we process your personal information. If you wish to withdraw your consent for processing, please contact the DPO. The withdrawal of consent will not affect the lawfulness of the data processing before your consent was withdrawn.

    Purposes for which we will use your personal information:

    To ensure we fulfil our statutory functions and as necessary for the effective performance of a task carried out in the public interest eg consultation and in the online management of applications.

    Change of purpose:

    We will only use your personal information for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact the DPO.

    If we need to use your personal information for an unrelated purpose, we will tell you and explain the legal basis which we consider allows us to do so.

    We may process your personal information without your knowledge or consent in compliance where required to do so by law.

    5. Data Retention

    Your personal data will be held for five years. It is necessary to retain your data for accountability purposes if any decision the Secretary of State takes is judicially reviewed or infracted, in such instance it may be retained longer until the end of any such actions.

    In determining how long we will keep your personal data we will consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those processes through other means.

    6. Disclosure of your personal information:

    We may need to share your personal information with third parties including:

    Government departments and other regulatory bodies for the purposes of enabling them and us to carry out our respective legal and statutory functions;

    Third parties who we may employ in order to process personal information on our behalf. We require all third parties to respect the privacy or your personal information and to treat it in accordance with the law. We do not allow third parties to use your personal information for their own purposes and only permit them to process your personal information for a specified purpose and in accordance with our instructions.

    7. Data Security:

    We protect your personal information against unauthorised access, unlawful use, accidental loss, corruption or destruction.

    We use technical measures such as firewalls and password protection to protect your data and the systems they are held in.

    We limit access to your personal information to employees, agents, contractors and other third parties with a business need to know. They will only process your personal information in accordance with our instructions and are subject to a duty of confidentiality.

    We have put in place procedures to deal with any suspected data breach and will notify you and the Information Commissioner's Office as required.

    8. Your rights:

    You have the right to access your personal information. In certain circumstances, you have the right to:

  • Request correction of your personal information;
  • Request erasure of your personal information;
  • Object to the processing of your personal information;
  • Request restriction of processing your personal information;
  • Request a transfer of your personal information;
  • Withdraw consent you have provided for the processing of your personal information;
  • To request your personal information or exercise any of your other rights, contact the DPO.
  • Fees: You will not normally have to pay a fee to access your personal information (or to exercise any of the rights as above).

    Information we may need from you: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that your personal information is not disclosed to a third party who has no right to receive it.

    We may also request further information in relation to your request to help us deal with it as quickly as possible.

    9. Complaints:

    If you have any complaints about the way we process your personal information, please contact the DPO.

    You also have the right to make a complaint to the Information Commissioner's Office, which can be contacted at:

    Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, by visiting the official ICO website or calling 0303 123 1113 or 01625 545 745.

    Members of the public based in Wales or Welsh speaking members of the public may wish to contact the Wales office where calls in Welsh are welcomed:

    Information Commissioner's Office - Wales, 2nd Floor, Churchill House, Churchill Way, Cardiff DF10 2HH. Telephone: 029 2067 8400 Fax: 029 2067 8399 or Email: wales@ico.org.uk

    Copyright | Privacy & Cookies | Disclaimer | BEIS Home Page |