Third Parties' Privacy Notice
This notice applies to any Third Party who provides information to EDF Energy. This may include visitors to EDF Energy sites and contractors working at or with EDF Energy, including agency supplied workers, managed service workers and embedded contractors. It does not apply to employees.
EDF Energy respects your privacy and values the trust you place in us when you share your personal information with us. This policy sets out how we, as controller, collect and use your personal information; why we use it, with whom we share it, the rights to which you may be entitled and your choices about our use of your personal information.
This notice will be changed from time to time but if we change anything important (for example, the information we collect, how we use it or why) we will highlight those changes to you.
If you have any questions please get in touch with our Data Protection Officer: at dpo@edfenergy.com or EDF Energy, 90 Whitfield Street, London, W1T 4EZ.
Summary – What we collect, how we collect and why we collect information about you
We collect certain types of information from and/or about you throughout our interaction with you, from third-party service providers or publicly available sources. This information may include your name, address, contact details, curriculum vitae, and medical information. We use this information for the activities we have listed in the table below, including in order for us to provide our services, comply with legal and regulatory obligations, for marketing and reporting purposes.
If you are a child or teenager, then please read the first box below which summarises what information we collect, how we collect it and why we collect it.
| What we collect | How we use it We use this information for certain activities, including to: | Why we use it |
---|---|---|---|
Information that we collect from children, teenagers, parents and teachers through our initiatives including Pretty Curious/POD and when visiting our sites | - Your contact details; | - So that we can send you email communications about attending our programmes, events and initiatives; | - We have obtained your consent to use the data in this explicit way and we rely on that consent |
Information when you communicate with us whether as a third party, contractor or otherwise, whether in person, when visiting our sites, through our website or via email, over the telephone, through social media or via any other medium | - Identification information such as passports, driving licences etc; | - Identifying you | - We have a legitimate business interest in: |
Information that we collect incidentally from other sources or public sources |
- Information presented on our social media or wider media platforms such as Yammer, Facebook or Twitter; | - Maintain market awareness; | - We have a legitimate business interest in: |
Information we collect from third-party partners, including third-party contractor employers and corporate customers | - Potential [stakeholder details, like name and email address, from:
| - Provide our services; | - We have a legitimate business interest in: |
Information that we collect from you or your employer in order to comply with all relevant laws, regulations, industry codes and government instructions, and to deal with complaints | Your contact details | - Report to the Department for Business, Energy and Industrial Strategy (BEIS); | - We need to comply with legal obligations; |
Information obtained for third party contractors and other visitors to sites, as a result of a criminal records check, the security vetting process and ongoing security surveillance | - Criminal records information | - To complete our security checks | - It is necessary for compliance with a legal obligation to which EDF Energy is subject; |
Information we need to contact you and provide benefits to you | - Your personal and work contact details including your name, address, email address; | - To contact you; | - It is necessary to perform our duties under a contract with your employer; |
Information about your third-party contractors’ role, training, workplace performance and progression | - Your National Insurance number; | - To evidence your qualifications and capability for carrying out work; | - It is necessary for the purposes of the legitimate interests of EDF Energy to: |
Information about third-party contractors’ fitness for work | - your attendance record; | - to assess your fitness for work; | - it is necessary for compliance with our legal obligations (such as health and safety obligations); |
Information required to allow you to access systems in order to effectively carry out your role | - Your contact details | - Monitoring of our services | - We have a legitimate business interest in: |
Information that we collect from you or your employer and/or from our records, during any testing for the Covid-19 virus (“Covid-19) with which you take part | - Your contact details including your name, email address and mobile phone number - Your employee number or your national insurance number - the result of each Covid-19 test - In the event of a positive test: | - Contact you to inform you of the results of your test; - Assess your fitness for work; - Fulfil our obligation to report to Public Health for England and/or Public Health for Scotland should you test positive for Covid-19; - Inform people you have been in contact with or close to, should you test positive for Covid-19; - Provide a safe working environment by minimising the transmission of Covid-19. | - It is necessary for EDF to comply with its legal obligations (such as health and safety obligations); - It is necessary for the purposes of the legitimate interests of EDF Energy to: - It is necessary for reasons of public interest in the area of public health by helping to minimise the spread of Covid-19. |
Information we share and who we share it with
There are certain circumstances where we may transfer your personal data to employees, contractors and to other third parties. Some examples of when your personal information is transferred to other third party organisations are as follows:
- We may share information about you with other members of our group of companies so that we can provide the best service across our group. They are bound to keep your information in accordance with this Privacy Notice;
- We may also share your information with certain contractors or service providers and they may process your personal data for us. They are always required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided in connection with the performance of their function;
- If we're discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality – or if sold, to buyers who can continue to provide services to you;
- If we're required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example, the Police; OFGEM or BEIS – or to defend any legal claims.
- Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data
Where your information will be held
When we share your information, your information may be transferred outside the European Economic Area. We will only transfer data to jurisdictions outside the scope of the General Data Protection Regulation (GDPR) where the appropriate safeguards required by the GDPR are in place. We store our information on cloud servers located in the USA, or engage vendors which do not always have equivalent data protection laws to those applicable in Europe. The transfer of this information is therefore governed by a contract including standard contractual clauses (SCCs) approved by the European Commission. We will keep your information for as long as it is reasonably necessary. It will depend on factors such as whether you are working on our site or have attended one of our visitor centres recently. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Your rights
You may have certain rights in relation to your information including a right to access or to correct the information we hold on you. Some of these rights will only apply in certain circumstances, however, such as the right to be forgotten or the right to request that we move your information to another company. They will generally not be available if there are outstanding contracts between us if you continue to be employed as a contractor on one of our sites, if we required by law to keep the information or if the information is relevant to a legal dispute. If you would like to exercise or discuss, any of these rights, please contact the Data Protection Officer.
You can remove consent, where you have provided it, at any time, as well as update any of your opt-in marketing preferences by sending the Data Protection Officer an email at dpo@edfenergy.com, a letter at EDF Energy, 90 Whitfield Street, London, W1T 4EZ.
- You can ask us to confirm if we are processing your information
- You can ask for access to your information
- You can ask to correct your information if it's wrong
- You can ask us to delete your information (the right to be forgotten), but only in certain cases
- You can ask us to restrict how we use your information, but only in certain cases
- You can ask us to help you move your information to other companies, but only in certain cases
- You can object to us processing your information based on legitimate interests, but only in certain cases
- You can object to processing your information in relation to direct marketing
- You can ask us to stop using your personal information, but only in certain cases
- You have the right to complain to the relevant supervisory authority
Security and Accuracy
We are committed to keeping your personal information safe. We've got physical, technical and administrative measures in place to prevent unauthorised access or use of your information. We also require that our suppliers protect such information from unauthorised access use and disclosure. We will also routinely refresh our information to ensure we keep it up-to-date.
Website terms and conditions and cookies
Our website terms and conditions can be found on this page.