Highland Energy Supply Company Limited (HESCO) and its affiliates, subsidiaries and related entities (‘HESCO’, ‘we, ‘our’) is committed to protecting the privacy and security of the personal data we collect about end customers and users of our services (‘you/your’). Also, to ensuring we meet our legal obligations when processing your personal data.
The purpose of this privacy notice is to explain what personal data we collect about you when providing heating, cooling or another billing services to you as a HESCO customer. When we do this, we are the data controller.
We sometimes process personal data on behalf of other organisations, such as when we manage metering and billing on behalf of landlords and energy supply companies. Where this applies, we are acting as their data processor and this privacy notice does not apply. You should read their privacy notice to see how they handle your personal data. Where we manage metering and billing on behalf of another organisation, all information and personal data you give to us will be shared with them as the data controller.
Please read this privacy notice carefully as it provides important information about how we handle your personal information and your rights. If you have any questions about any aspect of this privacy notice you can contact us using the information provided below or by emailing us at email@example.com.
Personal data we collect
We collect and process your personal data when providing our services to you. The personal data we collect includes:
- Your name
- Billing address
- Supply address
- Telephone numbers
- Energy usage details (from meter readings or smart meter data sent to us automatically)
- Bank accounts details (if you pay by direct debit)
- Date of Birth (if you want to setup a direct debit)
- Previous addresses you have lived at (if you want to setup a direct debit)
- Credit or debit card details (if you make a payment by card)
- Whether you are a homeowner or renter
- Your Meter Point Administration Number (MPAN) or other unique meter identifier
- Any other personal data you provide to us
If we need to visit your home or business to fix a fault or to carry out maintenance, we may also collect personal data from you when arranging the visit or from you or other members of your household during the visit. Occasionally this might include sensitive personal data you choose to share with us if it is relevant to the visit, such as details of disabilities or illnesses that you would like the visiting engineer to be aware of.
We collect data from you when you give it to us. We also sometimes collect data from third-parties, including housing associations, managing agents, landlords and property developers when you rent or purchase a property from them for which we provide the heating and cooling and other as an energy supply company.
Purposes for which we use personal data and the legal basis
When providing services to you, we may use your personal data for the following purposes and on the following lawful bases:
||Lawful Basis for Processing
|Provide heating, cooling or another billing service to you. Including metering your heating or cooling energy usage, calculating your charges and sending you bills.
||Necessary for the performance of the energy supply contract to which you are a party.
|Maintain and support heating or cooling assets at your property. Visiting your residence to maintain our equipment in the property and fix any faults you have reported to us.
||Necessary for the performance of the energy supply contract to which you are a party. When processing sensitive personal data, we do so with your explicit consent.
|Take payment for heating or cooling services. By direct debit, credit card or debit card, for the energy services we have or will provide to you.
||Necessary for the performance of the agreement to which you are a party.
|Respond to correspondence from you. Including enquiries, complements and complaints.
||Our legitimate business interest to respond to your correspondence, including enquiries, complements and complaints.
|Sharing payment arrears and account balance information: With your landlord or managing agent if you fail to make payments to us for the heating or cooling services we have provided to you, or if we are collecting payment on their behalf.
||Our legitimate interest in being paid for the services we have provided, and the landlord’s legitimate interest to be made aware of debts for which they have agreed to be liable.
|Contact you for feedback. Including sending you customer satisfaction surveys.
||Our legitimate business interest to collect your feedback, develop our products and services and improve our business.
|Internal management, administrative and organisational purposes. This includes maintaining internal records and carrying out other business administration tasks.
||Our legitimate business interest to process your personal data in order to manage our business.
|Statistics and other data analysis. This includes creating forecasts and business plans, improving our services and developing new services.
||Our legitimate business interest to process your personal data to develop and improve our business through aggregated and anonymised reporting and analysis.
|Sharing data with entities in our group. Including sharing customer records with our subsidiaries and affiliates.
||Our legitimate business interest to share your data with trusted third parties who provide us with services relevant to our provision of services to you.
|Sharing data with other third parties. Including third parties who process personal data on our behalf.
||Necessary for the performance of the energy supply contract to which you are a party.
|Meet our legal obligations. Including any laws or regulations which apply to us.
||Necessary to comply with legal obligations to which we are subject.
|Detect and prevent crime, fraud or loss. Including stealing energy such as by tampering with a meter.
||Our legitimate business interest to detect and prevent crime, fraud and loss.
Where personal data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.
Sharing your Data
We will share payment arrears information with your landlord or managing agent if you fail to make payments to us on time for the services we have provided. If we are providing services on behalf of your landlord or managing agent, we will share account balance information with them even if you have not fallen into payment arrears.
We share your personal data with trusted third parties who provide us with services relevant to our provision of services to you. This includes our professional advisers, IT service providers, cloud software provider, engineering sub-contractors and other suppliers and sub-contractors. All such third parties are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. We also share your personal data with other HESCO entities in our group for administration and management purposes. We may also share your personal data where we are required to do so by law.
In some circumstances, we or one of our suppliers may host, store, or handle your personal data outside the European Economic Area. We will only permit this to happen if the country in which your personal data will be processed benefits from a European Commission adequacy decision or where standard contractual clauses approved by the European Commission have been put in place with the recipient which contractually oblige it to process and protect your personal data to the standard expected within the EU/EEA.
How long we keep your data
We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.
At the end of the retention period, your personal data will be securely deleted or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.
Your rights and options
You have the following rights in respect of your personal data:
- You have the right of access to your personal data and can request copies of it and information about our processing of
- If the personal data we hold about you in incorrect or incomplete, you can ask us to rectify or add to
- Where we are using your personal data with your consent, you can withdraw your consent at any time.
- Where we are using your personal because it is in our legitimate interests to do so, you can object to us using it this
- Where we are using your personal data for direct marketing, including profiling for direct marketing purposes, you can object to us doing
- You can ask us to restrict the use of your personal data if:
- It is not
- It has been used unlawfully but you do not want us to delete
- We do not need it any-more, but you want us to keep it for use in legal claims; or
- if you have already asked us to stop using your data but you are waiting to receive confirmation from us as to whether we can comply with your
- In some circumstances you can compel us to erase your personal
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you wish to exercise your rights, please contact us at firstname.lastname@example.org.
You can also lodge a complaint with the Information Commissioner’s Office. They can be contacted using the information provided at: https://ico.org.uk/concerns/.
You can contact HESCO in relation to data protection and this privacy notice by writing to:
The Managing Director
HESCO (Trading name of Highland Energy Supply Company Limited )
20-23 Woodside Place
Alternatively, you can email us at email@example.com
Changes to this privacy notice
We may update this notice (and any supplemental privacy notice), from time to time as shown below. We will notify of the changes where required by applicable law to do so.
Last modified December 2020.