Privacy Policy

1. Introduction

At Pennon Group Plc ("We" or "PNN") we are committed to protecting and respecting your privacy.

This notice (together with our website http://www.pennon-group.co.uk/terms-and-conditions terms of use and any other documents referred to therein) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by post or e-mail. We periodically review and update this Privacy Notice to reflect changes in our services as well as to comply with changes in Data Protection Laws and Legislation. We would, therefore, encourage you to review this Notice on a regular basis.

2. Who are we?

Pennon is one of the largest environmental infrastructure groups in the UK. The group consists of;

  • South West Water Ltd
  • Bournemouth Water Ltd
  • Source Contact management Ltd
  • Pennon Water Services Ltd

These companies may be separately responsible for your data (referred to as Data Controllers) and some carry out processing on our behalf (referred to as Data Processors). See their respective privacy notices for more information.

Definitions

Data Subject: - A data subject is any person whose personal data is being collected, held or processed

Data Controller: - The data controller determines the purposes for which and the means by which personal data is processed

Data Processor: - A processor is responsible for processing personal data on behalf of a controller

The company or companies listed above which are relevant to you will depend upon who you are and what type of interaction you have with Pennon. Your point of contact for all matters relating to privacy and personal data in connection with us will be Pennon Group Plc. Section 12 below provides our data protection registration information and details of who to contact if you have questions about this Privacy Notice or your personal data.

3. Who does this Privacy Notice apply to?

This notice relates to the collection and use of the personal data of individuals, sole traders and individuals who are in business partnerships. It does not apply to information we collect or use in relation to companies or other organisations.

It is intended that this Privacy Notice covers:

  • Existing, potential and previous customers and those acting on their behalf
  • Suppliers and contractors
  • Members of Customer Challenge Groups
  • Members of Parliament and Members of the European Parliament
  • Members of Regional Action Groups
  • Members of Environmental Action Groups
  • Journalists
  • Developers
  • Motorists encountered by our staff
  • Visitors to our sites (including in vehicles)
  • Visitors to our websites
  • Shareholders
  • Individuals interacting with our legal department
  • Individuals who make general enquires about our services
  • Advisors to all of the above or other people providing assistance to them

4. How do we collect personal data?

We may collect your personal data from anything you have provided us on our website http://www.pennon-group.co.uk/ or provided over the telephone, in a letter, e-mail, facsimile, or via social media like Twitter and Facebook. We may also access information about you that is already publicly available.

Please note that outbound and inbound calls may be recorded for training and quality purposes.

We use CCTV cameras on our sites to capture images of people and vehicle identification information such as number plates.

We also collect personal data given to us if we meet in person for example whilst visiting your home, worksite or business premises or if you come to one of our sites.

In addition, we collect your personal data from third parties including:

  • Individuals that have permission to contact us on your behalf.
  • Solicitors, accountants or anyone acting on your behalf
  • Public authorities and agencies with whom we work
  • Law enforcement agencies.
  • Pension Providers

5. What personal data do we process?

We may collect and process the following data about you:

  • Identification and contact data: this would include your title, name and contact details such as your email address and mobile telephone number.
  • Payment information: this would include transaction records of payments made and details of your bank account or credit or debit card in order to process payments or set up direct debits.
  • Financial performance data: means information received from and provided to credit reference agencies.
  • Behavioural information: if there has been any vexatious or abusive behaviour made towards Pennon Group Plc. staff, contactors or agents.
  • Data received from and provided to law enforcement agencies: this means information to assist in the prevention, detection, apprehension and prosecution of criminal activity from agencies such as the Police, Department for Work and Pensions, HM Revenues and Customs (HMRC), UK Visas and Immigration and the Environment Agency
  • Website tracking information: this means details of transactions you carry out through our website and details of your visits to our website.
  • Survey information: this means information you provide as part of customer or stakeholder surveys.
  • Preference information: this means any opt in or opt out preferences that you have provided us with confirming whether you wish to receive information about offers and information that may be of interest to you.

6. Why do we process your personal data (our lawful basis for processing)?

The legal basis for processing information is legal obligation.

To carry out our statutory and regulatory functions and obligations

In order to support the delivery of services we need to process personal data for the following purposes:

  • Managing enquiries
  • Receiving payment and debt recovery
  • Fraud prevention and detection of criminal activity
  • Public education on matters affecting our services
  • Internal training
  • Listening and addressing concerns and customer satisfaction surveys
  • Research and statistical analysis for matters affecting our services
  • Managing legal claims
  • Responding to requests for information
  • To notify you about changes to our service, our terms and conditions or our privacy policy
  • To carry out our statutory and regulatory functions and obligations
  • Procurement
  • Insurance
  • Pensions
  • Investors

We may also need to process your personal data where it is in our or your legitimate interests.

7. Who will see your personal data?

Who sees or has access to your personal data within Pennon will depend on why we need to process it. For example:

  • Our Legal Team for dealing with any complaints or disputes and requests for information
  • Our pensions team for enquiries
  • Our Finance team for financial queries

We will also share your personal data with third parties in order to meet our legal obligations or to fulfil our or your legitimate interests, such as:

  • Law enforcement agencies
  • Public authorities and agencies with whom we work
  • Our advisors
  • Software providers for our IT systems
  • Credit reference agencies
  • Contractors who carry out activities to educate the public on matters relating to our services

8. Other things to be aware of

In processing personal data to carry out our activities, PNN may transfer personal data to third party processors located outside the European Economic Area ("EEA") or allow personal data to be accessed by processors outside the EEA.

In doing so, we ensure that we act in compliance with UK data protection law and we ensure our third party processors operate to very high standards.

All information you provide to us - whether on paper, verbally or electronically - is stored securely. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data you transmit to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We may use certain types of personal data collected to help us understand how we can focus on sending you information which is relevant to you or to your circumstances.

We do not make choices based solely on automated decision-making or profiling.

On occasions we may wish to tell you about products or services we feel would be of benefit or interest to you. These products or services may be provided by us or carefully selected third parties. We may need to share some of your personal data with others in order to do this. If you have agreed to receive marketing, products or services from another company and later decide you no longer want these, please contact that company directly to let them know.

We take the privacy of children very seriously. Any child’s personal details you may provide to us will only be used for that purpose for which you have supplied and with your consent.

We will check the accuracy of any personal data at the point of collection and keep the personal data accurate and up to date on advice from yourselves. We will take all reasonable steps to destroy or amend inaccurate or out-of-date data. The law and our regulatory requirements determine the length of time information must be kept. We will not keep your personal data longer than is necessary.

9. How you can access and update your information

As a data subject, you have a number of rights in relation to your data under UK data protection law. For full information on your rights you can read the guidance from the Information Commissioner’s Office at https://ico.org.uk/. A summary of these rights are below:

Individual Rights

What this means

Access

You can ask us to confirm whether we are processing your data and request a copy of that data in a commonly used, machine-readable format – see section 10 below.

Rectification

You can ask that your personal data be corrected if you believe it is inaccurate or incomplete

Erasure

You can ask us to erase your personal data, if –

  • It is no longer needed for the purposes for which it was collected
  • You have withdrawn your consent (Where the data processing was based on Consent)

Restriction

You can ask us to restrict your personal data (keep but not use).

Objection

You can object to any processing of your personal data for specific purposes, such as marketing.

If you would like to exercise any of these rights, please contact us using the contact details in section 12 below.

10. Subject Access Requests

Individuals can make a formal request for information we hold about them.

When receiving telephone enquiries, we will only disclose personal data we hold on our systems if the following conditions are met:

  • We will check the caller’s identity to make sure that information is only given to a person who is entitled to it.
  • We will suggest that the caller put their request in writing if we are not sure about the caller’s identity and where their identity cannot be checked.

Where a request is made electronically, data will be provided electronically where possible.

If you would like to submit a Subject Access Request, please contact the customer service team using the contact details in section 12 below.

11. Links to other websites

Our website may contain links to other websites run by other organisations.

This privacy notice applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit.

We cannot be responsible for the privacy policies and practices of other sites even if you access those using links from our website. In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the notice of that third party site.

12. Who can I contact about my personal data?

Pennon’s details for data protection purposes are:

Pennon Group Plc, Company Number 2366640, of Peninsula House, Rydon Lane, Exeter, EX2 7HR, Data Protection Public Registration number Z4569666. Our nominated representative for the purpose of the Regulation is the Data Protection Officer of Pennon Group PLC.

Should you need to contact us to discuss the handling of your personal data or to submit a request to exercise one of your Data Protection Rights, please contact us:

Telephone – 01392 446677

Email – [email protected]

Or write to – Pennon Group Plc. Peninsula House, Rydon Lane, Exeter, EX2 7HR

If you wish to raise a complaint on how we have handled your personal data, in the first instance you should telephone us on 01392 446677 and we will try to resolve you query over the phone. We may refer the matter to our Data Protection Officer who will investigate further.

Our Data Protection Officer can be contacted via email:

Email – [email protected]

Or write to – Pennon Data Protection Officer, Peninsula House, Rydon Lane, Exeter, EX2 7HR.

If you are not satisfied with our response or believe we are processing your personal data in a way that is not in accordance with the law you can refer the matter to the Information Commissioner’s Office (ICO).

13. How can I contact the Information Commissioner’s Office?

Whilst we hope that we can address any questions or concerns you might have, should you need to contact the Information Commissioner’s Office you can do so using one of the following methods:

Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113 or 01625 545 745

Website: www.ico.org.uk