Third Parties' Privacy Notice

This notice applies to any Third Party who provides information to EDF Energy. This may include visitors to EDF Energy sites and contractors working at or with EDF Energy, including agency supplied workers, managed service workers and embedded contractors. It does not apply to employees.

EDF Energy respects your privacy and values the trust you place in us when you share your personal information with us. This policy sets out how we, as controller, collect and use your personal information; why we use it, with whom we share it, the rights to which you may be entitled and your choices about our use of your personal information.

This notice will be changed from time to time but if we change anything important (for example, the information we collect, how we use it or why) we will highlight those changes to you. 

If you have any questions please get in touch with our Data Protection Officer: at dpo@edfenergy.com or EDF Energy, 90 Whitfield Street, London, W1T 4EZ.

Summary – What we collect, how we collect and why we collect information about you

We collect certain types of information from and/or about you throughout our interaction with you, from third party service providers or publicly available sources. This information may include your name, address, contact details, curriculum vitae, and medical information. We use this information for the activities we have listed in the table below, including in order for us to provide our services, comply with legal and regulatory obligations, for marketing and reporting purposes. 

 

What we collect

This category of information we collect about you may include:

How we use it

We use this information for certain activities, including to:

Why we use it

We use this information because:

Information when you communicate with us whether in person, when visiting our sites, through our website or via email, over the telephone, through social media or via any other medium

- Identification information such as passports, driving licences etc;
- Your contact details;
- The details of your communications with us;
- The details of our messages to you;
- Your marketing preferences;
- Marketing information

- Answer any issues or concerns;
- Monitor potential stakeholder communications for quality and training purposes;
- Develop new services;
- Improve our services;
- Personalise our service;
- Deal with any complaints;
- For the purposes of marketing/sending invitations to events

- We have a legitimate business interest in:
- understanding public feedback and in responding to communications in a consistent manner;
- ensuring that we are better able to personalise our service to the public;
- In addition to the above, where we have obtained your consent to use the data in this explicit way, then we can rely on that consent
- For security purposes

Information that we collect incidentally from other sources or public sources

 

- Information presented on our social media or wider media platforms such as Yammer, Facebook or Twitter;
- Information collected by security systems;
- Your name and postcode from publicly available sources like the electoral roll or Royal Mail

- Maintain market awareness;
- Build and maintain social media branding, and our branding in general;
- Deal with complaints received;
- Address subject access requests

- We have a legitimate business interest in:
 - providing security over our business;
   - maintaining a public profile within the media;
 - resolving complaints;
- maintaining the accuracy of data we hold;
- In addition to the above, where    we have obtained your consent to use the data in this explicit way, then we can rely on that consent

Information we collect from third party partners and corporate customers

- Potential [stakeholder details, like name and email address, from:
- publicly available sources such as the electoral roll; Royal Mail 

 

- Provide our services;
- Manage and administer our systems;
- Statistical analysis and research into our clients

- We have a legitimate business interest in:
- developing and maintaing relationships with third party partners and other companies and dealing with individuals who work for them;
- conducting research to improve our services
- In addition to the above, where we have obtained your consent to use the data in this explicit way, then we can rely on that consent

Information that we collect from you or your employer in order to comply with all relevant laws, regulations, industry codes and government instructions, and to deal with complaints

Your contact details
- Health and medical data;
- Identification information such as passports, driving licences etc.;
- Curriculum Vitae

- Report to the Department for Business, Energy and Industrial Strategy (BEIS);
- Respond to requests made by law enforcement or regulatory authorities, bodies or agencies, or in relation to a legal claim
- To ensure personnel are suitably qualified and experienced for the work being carried out

- We need to comply with legal obligations;
- We have a legitimate business interest in:
- resolving any complaints we may receive;
- ensuring that we comply with our regulatory and legislative obligations;
- maintaining appropriate records for in relation to potential legal claims;

Information obtained as a result of a criminal records check

- Criminal records information

- To complete our security checks
- To comply with our regulatory obligations in relation to Office of Nuclear Regulation

- It is necessary for compliance with a legal obligation to which EDF Energy is subject;
- It is necessary for contractors to work on our sites;
- It is necessary for the purposes of the legitimate interests of EDF Energy to:
      - Ensure the safety and security of nuclear power stations;
- Ensure the suitability of contracted staff in relation to relevant roles;
     - To maintain appropriate records in relation to potential legal claims;
- And in all cases is carried out only under the control of an official authority

Information we need to contact you and provide benefits to you

- Your personal and work contact details including your name, address, email address;
- Your date of birth
- Your benefits’ information

- To contact you;
-To provide you with benefits

- It is necessary to perform our duties under a contract with your employer;
- It is necessary for the purposes of the legitimate interests of EDF Energy to:
- Ensure appropriate records are kept of third parties on site;
 - To maintain appropriate records in relation to potential legal claims

Information about your role, workplace performance and progression

- Which member of EDF Energy staff you report to;
- Your role and employment history;
- Your attendance record;
- Your sickness records
- Skills & Experience

- To manage our workforce and ensure you integrate into the team on the particular project on which you are working

- It is necessary for the purposes of the legitimate interests of EDF Energy to:
- manage the performance of its contractors;
   - manage contractors’ attendance at work;
 - To maintain appropriate records in relation to potential legal claims

Information about your fitness for work

- your attendance record;
- your sickness records;
-  results of drugs and alcohol testing;
- Display Screen Equipment Assessments;
- Personal Evacuation Plans;
- Information provided to us by your employer regarding your health and/or reasonable adjustments which you need in the workplace

- to assess your fitness for work;
- to provide appropriate support to contractors with health and wellbeing issues;
- to comply with our legal obligations, such as the duty to make reasonable adjustments and provide a safe working environment;
- to manage our workforce if you are sick or not well

- it is necessary for compliance with our legal obligations (such as health and safety obligations);
- it is necessary for the purposes of the legitimate interests of EDF Energy to:
- plan and manage its workforce;
 - to maintain appropriate records in relation to potential legal claims
- it is necessary for the purposes of preventive or occupational medicine, for the assessment of your working capacity, medical diagnosis, or the provision of health or social care or treatment

Information required to allow you to access systems in order to effectively carry out your role

- Your contact details

- Monitoring of our services
- To enable contractors to view active/closed and therefore view data held on databases
- To enable contractors to log their work

- We have a legitimate business interest in:
- Providing access to users to systems required for EDF Energy to properly carry out its business

 

Information we share and who we share it with

There are certain circumstances where we may transfer your personal data to employees, contractors and to other third parties. Some examples of when your personal information is transferred to other third party organisations are as follows:

  • We may share information about you with other members of our group of companies so that we can provide the best service across our group. They are bound to keep your information in accordance with this Privacy Notice;
  • We may also share your information with certain contractors or service providers and they may process your personal data for us. They are always required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided in connection with the performance of their function;
  • If we're discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality – or if sold, to buyers who can continue to provide services to you;
  • If we're required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example the Police; OFGEM or BEIS – or to defend any legal claims.
  • Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data

Where your information will be held

When we share your information, your information may be transferred outside the European Economic Area. We will only transfer data to jurisdictions outside the scope of the General Data Protection Regulation (GDPR) where the appropriate safeguards required by the GDPR are in place. We store our information on cloud servers located in the USA, or engage vendors which do not always have equivalent data protection laws to those applicable in Europe. The transfer of this information is therefore governed by a contract including standard contractual clauses (SCCs) approved by the European Commission. We will keep your information for as long as it is reasonably necessary. It will depend on factors such as whether you are working on our site or have attended one of our visitor centres recently. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Your rights

You may have certain rights in relation to your information including a right to access or to correct the information we hold on you. Some of these rights will only apply in certain circumstances however, such as the right to be forgotten or the right to request that we move your information to another company. They will generally not be available if there are outstanding contracts between us, if you continue to be employed as a contractor on one of our sites, if we required by law to keep the information or if the information is relevant to a legal dispute. If you would like to exercise, or discuss, any of these rights, please contact the Data Protection Officer.

You can remove consent, where you have provided it, at any time, as well as update any of your opt-in marketing preferences by sending the Data Protection Officer an email at dpo@edfenergy.com, a letter at EDF Energy, 90 Whitfield Street, London, W1T 4EZ.

  • You can ask us to confirm if we are processing your information
  • You can ask for access to your information
  • You can ask to correct your information if it's wrong
  • You can ask us to delete your information (the right to be forgotten), but only in certain cases
  • You can ask us to restrict how we use your information, but only in certain cases
  • You can ask us to help you move your information to other companies, but only in certain cases
  • You can object to us processing your information based on legitimate interests, but only in certain cases
  • You can object to processing your information in relation to direct marketing
  • You can ask us to stop using your personal information, but only in certain cases
  • You have the right to complain to the relevant supervisory authority

Security and Accuracy

We are committed to keeping your personal information safe. We've got physical, technical and administrative measures in place to prevent unauthorised access or use of your information. We also require that our suppliers protect such information from unauthorised access use and disclosure. We will also routinely refresh our information to ensure we keep it up-to-date.

Website terms and conditions and cookies

Our website terms and conditions can be found on this page.