Privacy Notice

This notice covers how we will handle and process personal information we obtain about individuals collected by PS Energy UK Limited trading as ‘Sainsbury’s Energy’ (“we”, “us” or “our” for short). 

This notice is in addition to your standard terms and conditions for supply of electricity and gas.

Some of the personal information collected is shared with the Sainsbury’s Group (Sainsbury’s).  How they use this information can be found here.  Some information is also shared with Nectar Loyalty Limited and how they use your information can be found here.

This privacy notice only covers the supply of energy by Sainsbury’s Energy to its customers. 

Updated: March 2019

Introduction

This notice sets out how we collect and handle your personal information such as when you purchase products and services from us, when you see our online customer portal and mobile app, and when you contact us, how we store and use it, and how you can access and manage this information. 

Our Data Protection Officer (DPO) provides help and guidance to assist us in meeting our obligations and to ensure we protect the data we hold about you.  We take your privacy seriously and take appropriate steps to protect the personal information we collect from you and to make sure that your personal information is kept secure and only used in line with this notice. 

Our group and your products and services

When we refer to “we” “us” “our” we mean PS Energy UK Limited trading under the licenced name Sainsbury’s Energy (who will provide all the services to you).  Products and services may be shared within subsidiary group companies, this includes Npower Limited (as the official gas and electricity licence holder).

So, what personal information do we collect about you?

We need to ask you to provide certain personal information depending on the products and services we provide to you.  It may be obtained directly from you when we speak to you or via our website or mobile App or from another third party or organisation or person. 

 

We will tell you if we may require your consent to use the information for specified purposes.

From you:

We collect information directly from you as requested by our signup process online or over the phone and contact forms you may complete.  For example, we collect the following to assist us in setting up your account and to verify who we are dealing with:

 

 

 

 

 

 

Full name (including title), age/date of birth.

Home address.

Phone number, mobile number and email address.

Bank account details as well as credit or debit card details if you pay through those means.

Meter details such as the meter serial number, MPAN or MPRN.

Gas and electricity usage (via meter reads provided by you).

Medical health conditions or other vulnerabilities.

Information about your property’s characteristics (for example its age, number of bedrooms) if you have requested energy efficiency advice or want to compare your energy usage with other properties similar to yours.

We may also collect:

Occupier details (for example the number of people living in the property) for assessing vulnerability and providing you appropriate products and services.

If you provide information on behalf of anyone else, then in doing so you are confirming that you have explained how their information may be used by us and they have given you permission for us to do so.

If you have provided any sensitive information about yourself or others (such as health related information) you agree (and are confirming that the person who the information is about agreed) that we can use the information as set out in this notice.  This may happen because you are acting as the representative on the customers behalf or because someone who is living with you requires additional support that we are able to offer. 

Industry sources who are involved in your electricity supply (such as your distributor, meter equipment owners and meter readers), or who can enhance and/or verify information you have provided (such as direct debit verifications and meter discovery verifications) other energy suppliers as well as from industry organisations who operate and maintain databases on behalf of the industry to assist (for example) in the change of supply process. 

From you about other people:

 

Landlords or letting agents who own or manage your home and who provide your details so we can set up an account in your name or from third party agents like switching sites (brokers) who you authorise to carry out your switch to us.

From third parties:                        

 

 

 

 

 

 

 

 

 

 

Credit reference or fraud prevention agencies in relation to your repayment history or your credit rating which may include public information about bankruptcies or county court judgments against you.

Publicly available sources like the Post Office to verify your information.

Other companies like energy comparison sites or brokers where you sign up to our products and services through their websites or contact centres.

Social Media providers such as Facebook, Instagram and Twitter providers where we interact with you via social media.

From our Website:

We collect certain data automatically and anonymously from your visit to our website www.sainsburysenergy.com or our mobile App to help us understand how you are using it, track and administer it and diagnose problems.

The IP (internal protocol) address and other data to allow us to help understand how you are using it to track and administer it and diagnose other problems (unless you turn this off in settings).

From our mobile App:

 

In addition to routine mobile permissions for example access to the internet in order to be able to work we will collect information about your mobile device including the model and brand, the operating system version, the screen resolution, the date and time on it, video graphics card and memory available. 

Access your device’s memory to cache permitted images to load them faster to you.

Access your push notification settings such as control vibrations, prevent phone from sleeping to send you push notification in accordance with your preferences for things like meter reading reminders.  We use a third party service to do this.  We use a unique identifier token for each mobile device which we share with our notification service provider for them to send the mobile app notifications to.  Very limited personal information can be contained in those notifications (for example, the address supplied by Sainsbury’s Energy).  You can customise what notifications you are sent by going to the Account Settings within the App. 

Access your device’s camera to use the flashlight, if you turn on the flashlight icon at the top right of the meter reading entry screen, to help you read the meter outside. Our mobile app does not access your photos.

If you consent to a crash report being sent we will receive information when the mobile app crashes.  As part of the crash report, we (and our sub-processors as well as Apple and/or Google Play (depending on your phone operating system)) receive basic device information (such as device model and operating system version) and the version of the mobile app you are using. The mobile app also sends crash reports from your installed email client, if you choose to send them. As part of this crash reporting we receive your Sainsbury’s Energy account number, consumer number, App version details, device details, and the email address and name details the email was sent from.

Webchat:

We use a third party provider to supply and support our webchat service which we use to handle customer queries in real time. If you use the webchat service we will collect details such as your name, address, and the contents of your webchat session.  This information will be retained by us in line with your other communications held by us. The third party provider will delete this information after two years.

 

 

How we use your personal information – the legal basis and the purposes

We can only use your personal information where that is permitted by data protection laws.  Those laws require that where we use your personal information we must satisfy one condition (legal basis) for processing.  The legal bases are consent, to comply with our legal obligations, to perform a contract, and it is in our legitimate interests.

Set out below are the different legal bases as well as examples of the types of processing we carry out:

Legal Basis for Processing

Processing activity (purposes)

Consent

Where you have provided us with consent we will rely on that to process your information for the purposes set out at the time that the request for consent was made.

 

You can always change that consent at any time (either by withdrawing it or giving your consent where you previously hadn’t). The consequence of that might be that we are no longer able to do certain things for you.

 

See the section on “What rights do you have over your personal data?and then “Right to withdraw Consent”

Cookies

We use cookies on our website to collect information about the device you use to access our website or App or sometime third parties collect that on our behalf. 

You are asked to do this before using our website/App.  If you refuse consent or you later remove it, you may affect our ability to provide the services you want.

See our cookie policy at sainsburysenergy.com/legal/cookie-policy/ for more information.

Marketing

From time to time if you have agreed we may provide you with marketing information relating to loyalty rewards, customer promotions and competitions about our products and services (including by phone, text message, email, via your online account, via your Smart in home display and via e-marketing i.e. using the internet and digital media technologies (for example social media)), which we think may benefit you in your everyday lives. This marketing may also include offers and services from the Sainsbury’s Group.

We ask for consent when you sign up with us but you can change your mind at any time.  We will never use your consent to direct marketing to forward you offers from third parties.

Market research

We may ask you to participate in market research including customer surveys or customer focus groups – if you agree your feedback is given with your consent.

You agree to the disclosure

If you request us to disclose your personal data to other people or organisations such as to a relative to deal with your account on your behalf or you otherwise agree to such disclosures.

Crash reports

We also rely on your consent to receive crash reports if you download and use our mobile app and it crashes.

Priority Services Register

If you elect to go on our Priority Services Register or PSR (which is a service open to certain customers who due to their health, age etc may require additional assistance), we need your consent to store and share your sensitive health information.  If you consent to us storing and sharing this sensitive health information we will use it and pass it on automatically using standard industry dataflows to relevant industry bodies like electricity distributors, gas transporters, other energy suppliers, any sub-contractors like metering companies that provide field services to enable us and them to consider what additional help and support you may need for example if there is a power loss.

Your details supplied as part of the PSR will never be used for marketing.  You need to let us know if anything changes so we can ensure we provide the most appropriate support for you.  If you no longer want to be part of the PSR, or you don’t want us sharing that information with third parties, just let us know.  More information is available at sainsburysenergy.com/legal/priority-services-register/.

 Vital Interests

We may need to share your vulnerable information with third parties because we believe you or someone else’s life is in imminent danger. 

 

This will be assessed on an individual basis and we will not share information unless we really believe there is a serious risk.

 

Whether or not you are registered on PSR referred to above if you are in danger of being cut off and we believe you may need extra help we may record vulnerable information about you.

You or a member of your household may need this extra help as a result of your (or their) health, age, disability or financial circumstances (we assess and record who may require extra help as a result of their circumstances) to assist you or them and ensure you or they stay on supply.

Performance of our Contract with you for supply of your energy and to take steps at your request prior to entering into that Contract

 

To provide you with a quote.

To help us identify you so we know who we are talking to and to authenticate the information you provide for security purposes.  We may check against information we already hold about you as an energy supplier and potentially publicly available information such as social media. 

To set you up in the appropriate industry systems based on agreed industry processes when you change your supply to or away from us including obtaining meter reads, resolving metering disputes etc.

To set up and manage your account including processing and collecting payments, recovering debts, analysing your account history and improving our service to you which include sending you:

  • notifications via our mobile app;
  • service messages such as meter read and payment reminders, changes to our opening hours by mobile app notifications, text and/or email;
  • account notifications and communications such as price and other terms and conditions changes by mobile app notifications, text and/or email).

To verify information you have provided us, such as direct debit information (to make sure we have the right bank account and it is not stolen), your address (to make sure it is accurate and a real address) or your metering information so we can be sure we can supply you.

To measure your energy use and work out your bills.

To supply you with any products or services you have asked us for such as the supply of gas or electricity (or both).

To ensure we meet our quoted price(s).

To report to and pay our referral partners such as broker websites like uSwitch.

To assess health and safety, environmental and financial risks to you.

To arrange for other Npower group companies to provide services to you where we do not offer them, and to meet legal or regulatory obligations – for example, if you need or want a prepayment meter, are on a green deal, need energy efficiency advice, or you are not a domestic customer.

To provide and improve customer support.

To resolve complaints and dispute resolution.

To train our staff and monitor our services. This may involve us recording our conversations with you or keeping copies of our correspondence with you to make sure we are providing you with a good service and are keeping to our legal and regulatory obligations.

To fulfil a Legal Obligation

 

This is where we are required to do something by law, regulatory requirement or by way of a court order

To comply with legal and regulatory requirements including those set out in the relevant gas and electricity Acts, our licence conditions and industry codes which govern how we operate.

To provide certain information to Ofgem as regulator for the energy industry either as part of an investigation by them or as part of request for information or as part of an audit of our services (usually aggregated to a non-personal level).

For demand forecasting and settlement in so far is required to meet our industry requirements.

To relevant law enforcement agencies or government agencies where we have been asked to provide the information for legal or regulatory reasons (if we receive a legitimate request for the information).

To assist you if you exercise your legal rights under data protection law.

To verify your identity, make credit fraud prevention and anti-money laundering checks.

To run our business in an efficient and proper way.  This includes managing our financial position, business capability, planning, communications, corporate governance, and audit. 

To help prevent and detect crime such as fraud and money laundering. 

As necessary for our own Legitimate Interests

 

This is where we use your personal information for our normal business purposes where the benefits of doing so are not outweighed by your fundamental rights or freedoms.

 

You have a right to object to this type of processing. See the section on “What rights do you have over your personal datathenRight to object to processing based on our ‘legitimate interests’ as a business”

For conducting business analytics such as carrying out internal reporting, profiling, modelling and analysis, market research, producing statistics.

We may take measures to ensure we carefully consider switch back when you have failed to pay for your energy supply in contravention of your contractual obligations.

To diagnose problems and test systems to ensure security and help improve the way we provide our services and the products.

To carry out web analytics to analyse and better configure our website.  This is done on an anonymous basis.

We use services such as Google Analytics to collect information about our mobile app and help us analyse it and better configure our service.  Google Analytics collects a range of anonymised information, such as the town in which the user is located at the time of login, the number of visitors on our mobile app per day, which pages they visit, and the types of devices using our mobile apps (make and model).  Our mobile app also utilises “Events” functionality. These are pre-programmed “things” which record when a user does them (and the basic device type such as Nexus 5). If you do not want us to use Google Analytics in respect of your use of the mobile app then you can turn this off in the mobile app on each device by going to the main menu: >Settings> Google Analytics.

If you have a display unit with your smart meter, we may send messages (for example, general energy-efficiency messages) direct to it, unless you let us know at any time that you do not want to receive such information.

To take part in government or industry initiatives (for example to tackle fuel poverty, improve energy efficiency or other social or consumer interests).

 

 

 

 

Who we share your information with

We may pass information about you to our agents and service providers for the purposes set out in this privacy notice for the following purposes:

  • Agents acting on our behalf to carry out profiling, modelling and analysis, market and customer research, statistical analysis to help improve the way we provide our services and the products that we are able to make available to you. These agents include creative agencies, professional user experience testing agencies and search engine optimisation agents. We do not provide personal information to these agents unless it is specifically required for services they provide for us (for example customer testing).
  • Our processors and sub-processors for the development and testing of our IT systems, diagnosing and implementing bug fixes, and diagnosing and dealing with incidents.
  • Relevant industry organisations and agencies based on agreed industry processes.  These include metering operators and metering asset managers, local lines companies, and other energy retailers. Distribution and network companies, transmission companies, meter equipment owners, meter readers, other energy suppliers as well as industry organisations who operate and maintain databases on behalf of the industry to assist (for example) in the change of supply process or the provision of industry data analytics to improve or enhance the energy efficiency in the energy market and/or to improve or enhance the efficiency our operations compared to other energy suppliers.
  • Credit-reference agencies such as Experian (see ‘How we may share your personal information with credit-reference agencies’ below for more details).
  • Other Npower Group companies, for general business purposes and to maximise the effectiveness of Npower group customer campaigns to avoid cross-selling of energy by other Npower group companies.
  • The police, other relevant law enforcement agencies, regulators, public bodies such as local and central authorities (including government agencies/departments) where we have been asked to provide the information for legal or regulatory reasons (such as prosecuting offenders, assessing or collecting tax, investigating complaints or assessing how the energy sector is working) for example by a lawyer or Ofgem or to the Information Commissioner (if we receive a legitimate request for the information).
  • If you do not pay a debt, we may ask a debt recovery agent to pursue that debt on our behalf or we may transfer your debt to another organisation and give them details about you and that debt or we may use a credit reference agency or fraud prevention agency to trace you if you have not provided your contact details or a forwarding address so that we can recover your debt or we may pass your details on as part of current or future legal action.
  • For regulatory purposes to Ofgem (or any organisation which takes over Ofgem’s role) or directly to an agent acting on their behalf, or as part of a government data-sharing initiative for example ones aimed at helping people who cannot afford to pay for their heating and electricity. They may pass that information to other agencies to be analysed or for other purposes relevant to their request or investigation.
  • If an organisation takes over all (or nearly all) of our business or assets, we may pass your personal information to them and we reserve the right to tell your future service provider of any debt you may have with us.
  • To comply with the law.
  • Our legal and professional advisors including our auditors.
  • If we suspect someone has committed fraud or stolen energy by tampering with the meter or diverting supply we’ll record those details on your account and may share that information with Ofgem, the industry appointed TRAS Fraud Prevention Agency and other interested parties such as other energy suppliers, landlords, housing associations, fraud prevention agencies and other organisations (such as the police) involved in crime and fraud prevention who may also use this information (see the section on “Theft and Fraud Prevention” below).
  • We may share your vulnerable information with Social services, and with medical and healthcare professionals or other similar support agencies and provide this information to other energy suppliers in line with the Energy UK “safety net procedures” if you decide to change supplier.  We may also share this information with the relevant gas transporter, metering agents or network operator.
  • If an organisation takes over all (or nearly all) of our business or assets, we may pass your personal information to them and we may pass details of any debt you may have with us to your future service provider.
  • To other parties connected with your account for example if you have provided a delegation of your authority to a partner, relative or a friend to allow them to assist you in dealing with your account.
Information shared with Nectar Loyalty Limited and Sainsbury’s

As a Sainsbury’s Energy Customer, we will share some of your details with Nectar Loyalty Limited to enable Nectar to allocate you your points.  How Nectar will use your information is set out here.

We may also share your information with Sainsbury’s who will use your information for statistical analysis and to help them understand more about their customers. You can find out more about how Sainsbury’s will use your information here.

Theft and Fraud Prevention
  • If we suspect that someone has committed fraud or stolen energy by tampering with the meter or interfering with the supply we will record this information on your account and we may share this information (for as long as you have an account with us) on a regular basis (including occupier details, property type and consumption data), with the industry appointed TRAS Fraud Prevention Agency (including their sub-contractors (if any)) who will use that information and that of other customers (whether or not supplied by us) to check public and other databases they hold or have access to so that they can profile geographical, behavioural and other similar trends for the purpose of theft and fraud risk assessment and to generate leads based on that analysis which they will pass on to us for the purpose of preventing and detecting the theft of energy and the prosecution of offenders (“theft leads”).
  • The TRAS Fraud Prevention Agency will hold this information and may provide it to other energy suppliers (where you have an energy account with them) or to Ofgem and other industry bodies in accordance with agreed industry processes and the information may continue to be used even following termination of this agreement where you are supplied by a different supplier. We may use any information we have collected as well as any theft leads received from third parties including the TRAS Fraud Prevention Agency to (where relevant and appropriate) detect, investigate, pursue (including prosecute) and prevent (in so far as possible) theft and fraud.
  • If we suspect or confirm that you have committed energy theft a record of this will be kept by us and the TRAS Fraud Prevention Agency.  We may use this information to assist us in making decisions about your payment arrangements and the products and services we offer you in the future.
How we may share your personal information with credit-reference agencies

We will search the files of credit-reference agencies and gather information from fraud-prevention agencies and use information we already hold about you for internal credit risk and debt management purposes and to help us assess your ability to pay our bills and to make decisions about the payment arrangements that are most suitable for you and the products and services that we can offer you. We may also use the information to verify your identity and to assist in the prevention of crime.  Set out below is a brief guide to how we and the credit reference agencies and fraud prevention agencies will use your information.

You must ensure that if you are providing information about other people that they agree to us having their information for the purposes you are providing it.  If you give us false or inaccurate information we will record this and may also pass this information to fraud prevention agencies and other organisations (such as the police) involved in crime and fraud prevention who may also use this information.

When credit reference agencies receive a search from us, for example, when you apply to take supply from us or when you move home, they will place a search footprint on your credit file that may be seen by other organisations.

We may share information on your accounts that we hold or open for you and how you manage it/them to credit reference agencies and where relevant with fraud prevention agencies. 

If we consider that your account is in default (i.e. you have not paid us and are in breach of your agreement with us) we will notify you and if you do not pay us we will report the unpaid debt to credit reference agencies who will record that default on your credit file.  If you set up an instalment plan, or some form of payment arrangement with us, then a payment arrangement flag may be recorded on your file.  We may record such a flag irrespective of whether or not you are a current customer with us or a previous customer whose account was closed with an outstanding debt that remains to be paid by you.

The information we share may be supplied to other organisations (such as banks, other utility companies, companies who offer you credit to purchase goods and services) by credit reference agencies and fraud prevention agencies to perform similar checks to those set out above and to trace your whereabouts if you have moved without providing a forwarding address so that they (and we) can recover debts that you owe. The credit reference agencies keep records for 6 years after your account has been closed, you have paid the debt or action has been taken against you to recover the debt.

We and other organisations may access and use information recorded by fraud prevention agencies from other countries.

If you would like more information, you can find a full version of how your data will be used and shared with credit reference and fraud prevention agencies at sainsburysenergy.com/legal/credit-checking or you can call us on 0800 088 4127 (should be free from all mobiles and generally free from all landlines) and we will email you further details.

Automated decision-making and profiling

The law requires that we tell you if our systems conduct any processing, including profiling, which produces a decision that is completely automated and produces legal effects concerning you or similarly significantly affects you.  We do not consider that any of the automated decision-making, including profiling, that our systems conduct fits this criteria. 

Like all energy retailers, we do undertake necessary automated decision-making and profiling in our system to make setting up and servicing your energy supply efficient and accurate, such as verifying information you provide us on signup, matching your quote to your customer records, assigning the correct price to your property for your metering configuration, obtaining meter reads, estimating consumption, billing you, and tracking and recovering debt etc. If you wish our staff to review a decision taken by our system, we are prepared to do so.  See below under the heading ‘Who is your data controller?’ for details of how to contact us to request this.

We also conduct ‘profiling’ manually for our general business purposes like business analytics- see ‘How do we use your personal information?’ and ‘Legitimate interests’ for examples of the sorts of activities that we conduct which rely on the ‘legitimate interests’ legal ground. These types of general business purpose analytics are designed to help us make decisions about our customer base generally, rather than a specific decision about you.

When do we pass your personal information outside the EEA?

There are a number of instances where we may pass your personal information outside of the European Economic Area (EEA) to countries that do not have the same data protection standards as we do in the UK. Firstly, we and our processors make sure that it happens with the relevant legal protection in place. Secondly, we always know when this occurs and make sure relevant security and contractual protections are in place.  The countries we pass such information to are:

  • New Zealand. One of our sub-processors which undertakes development of our IT systems is based in New Zealand, along with other sub-processors they use.  New Zealand holds an adequacy decision from the European Commission.  This is authorised under Article 45 of the GDPR;
  • United States. We primarily rely on Privacy Shield certification to ensure these data transfers are legal, and also EU model clauses. This is authorised under Article 46 of the GDPR;
  • Australia.  We use a US based sub-processor with infrastructure in Australia who has entered into a data processing addendum including model clauses.
Data Retention

We will keep any personal information that we process for the following retention periods:

Personal information processed

Retention period

Quotes

2 years

Telephone recordings

6 months

Information necessary for the purpose of our contract with you

7 years

Information processed for our legitimate interest as a business except theft and fraud reporting

2.5 weeks

Theft and fraud reporting

2 years

Information processed about you when you have failed to pay so we can ensure we carefully consider any switch backs

3 years

Information processed as a result of a credit check

7 years

Information kept for the purpose of complying with a legal obligation

7 years

 

Security

Sainsbury’s Energy complies with the security standards required by law, to protect your personal information. Any personal information you send via the post or email is at your own risk but once we receive it we use strict procedures to safeguard it.

If you are a Sainsbury’s Energy customer, you are responsible for your email address and password. Your user name and password can only be used in connection with purchasing products for the supply of energy to your property or properties. You should not tell anyone else your password or user name, and if you do, you are responsible for paying for energy they buy from us.

When you use your debit card or credit card during signup or on our online web portal, the debit card or credit card information is transmitted using Secure Socket Layer (SSL) protocol, this encrypts your information. Sainsbury’s Energy keeps only some of your debit card or credit card details. However, your full credit card and debit card details will be encrypted and securely stored by our online payment providers (currently Mastercard and Lloyds). Make sure you always logout when you have finished using the Sainsbury’s Energy customer website, especially if you access Sainsbury’s Energy from a shared computer.

What rights do you have over your personal data?
  • Information:  You are entitled to know a range of information about your personal information such as what we collect about you, how we use it, who we share it with, what legal grounds we rely on, how to exercise your rights etc.  This privacy notice gives this information about our customers’ personal information, and the website privacy policy gives this information about our website visitors’ personal information.
  • Access: You are entitled to know what personal information we hold about you at any time. (If you write to, email or phone us and ask to see this information, it is known as a ‘Subject Access Request’ or ‘SAR’ for short). When we receive your request, we will send you a form to fill in, along with identity checks. If you do not return the form and/or answer our phone calls to verify you have made this request, we will not be able to deal with your request.
  • Data Portability:  You can request the personal information you provide to us in a commonly used and machine-readable format. We already allow you to access your information online (including the ability to export your meter reads), but if you need other information or you don’t want to access it online you can contact us.
  • Accuracy/Rectification:  You can check that the personal information that we hold is accurate, or to let us know of any changes to your personal information. We always try to ensure that the information that we hold is accurate, up to date and relevant. We’ll be more than happy to make changes or to correct any inaccuracies.
  • Deleting/ Erasure:  You can ask us to delete some or all of your personal information in certain circumstances (e.g. we no longer need it), and we are obliged to delete it. We can refuse to delete that information if those circumstances don’t apply e.g. we still need it to supply you with energy.
  • Restriction on use:  You can ask us to temporarily stop using the personal information in the following circumstances:
    • where you think your personal information is not accurate, we will temporarily stop using it until we have verified the accuracy of it, if we cannot resolve the accuracy of it straight away;
    • where you have objected to our use of the personal information (in circumstances where it was necessary for the performance of a public interest task or for our legitimate interests as a business), and we are considering whether our legitimate interests as a business override your rights to object to our use of it;
    • when processing is unlawful, and you don’t want us to erase it, and request restriction instead; or
    • if we no longer need the personal information but you want it to establish, exercise or defend a legal claim.

If we have shared the personal information in question to third parties, we must inform them about the restriction on the processing of the personal information, unless it is impossible or involves disproportionate effort to do so. We must also inform them when we decide to lift a restriction on processing.

 

  • Right to withdraw consent:  Most of the personal information we require is necessary to supply you with energy, and we don’t rely on consent to use and retain it.  However, we do rely on your consent to contact you for direct marketing and to store and/ or share your personal information for our Priority Services Register. You can provide or withdraw your consent for either of these situations by calling or emailing our call centre (see below) or online:
    •  for direct marketing, you can log on, go to the Settings tab, then the Accounts tab, Privacy & Data, then turn on or off the direct marketing option (as desired); or
    • for the Priority Services Register, you can log on, go to the Settings tab, then the Properties tab, then change the Priority Services Register settings for each fuel and each property we supply. 

 

We also rely on your consent to receive crash reports, if you have downloaded and use our mobile app. If you are not comfortable with us or those third parties receiving this information, do not consent to the crash report being sent when prompted. You can control whether Apple receive information about errors or crashes on your device when you first setup your device. You can control whether Android receives information about errors and crashes, by checking your device settings.

  • Right to object to processing based on our ‘legitimate interests’ as a business:  If we rely on the legal grounds that we have a legitimate right as a business to use your personal information (as opposed to any other legal ground) then you have a right to object to us using your personal information for these purposes.  See above under the heading ‘How do we use your personal information?’ and ‘Legitimate interests’ for examples of the sorts of activities that we conduct which rely on the ‘legitimate interests’ legal ground.

You can exercise your right to object you can call or email our call centre (see below) or log on, go to the Settings tab, then the Accounts tab, Privacy & Data, then turn on or off the ‘legitimate interests’ option, and/ or the ‘web tracking and analytics’ option (as desired).  If you do not want us to use Google Analytics in respect of your use of the mobile app then you can turn this off in the mobile app on each device by going to the main menu of the app then: >Settings> Google Analytics.

  • Right not to be subjected to automated decision-making:  You have the right not to be subject to a decision based solely on automated processing which produces legal effects or similarly significantly affects you, except where we do so for the purposes of your energy supply, it is authorised by law, or you consent to it.  In those circumstances you are entitled to at least contest any such decision and obtain a review.  Our systems do not have automated processing that fulfil these criteria, but in any event if you wish our staff to review a decision taken by our system we are prepared to do so.
  • Complain:  If you think we are using or processing your personal information in a way that is not consistent with this privacy notice or with the law, you can lodge a complaint with the Information Commissioner’s Office. Contact details are available at https://ico.org.uk/concerns/.  We would always prefer you to contact us first though, to see if we can answer your concerns.

 

You can exercise any of these rights by contacting us as set out below under ‘Who is your data controller?’ below.

 

Who is your data controller?

PS Energy UK Limited trading as Sainsbury’s Energy is the data controller for your personal information in relation to your Energy Services. Nectar Loyalty Limited are also your data controller if you have a Nectar card.  Sainsbury’s Group are your data controller once any of your personal information is passed to them by us for statistical analysis.

You can contact PS Energy UK Limited to exercise any of your rights or if you feel that we are not complying with the terms of this privacy notice by:

  • Contacting us using the ‘Contact us’ form on our website www.sainsburysenergy.com or our mobile app; or
  • calling our call centre on 0800 088 4127 (should be free from all mobiles and generally free from all landlines);
  • logging on, going to the Settings, then Privacy & Data, then turning off the direct marketing option;
  • writing to us at Data Protection Officer, Sainsbury’s Energy, 9th Floor, Quayside Tower, 252-260 Broad Street, Birmingham B1 2HF

You can contact Nectar Loyalty Limited to exercise any of your rights or if you feel they are not complying with the terms of their privacy notice in relation to your Nectar Points by:

  • writing to Nectar Loyalty Limited at Data Protection Officer, 6th Floor, 80 Strand, London, WC2R 0NN;
  • calling Nectar on 0344 811 0811 to raise any questions or concerns.

You can contact Sainsbury’s Group to exercise any of your rights if you feel they are not complying with their privacy notice when any of your personal information is passed to them by:

What if we update our privacy notice or you have any questions?

This Notice was updated in April 2019 and it replaces any previous privacy notice we may have provided to you.  We do keep our privacy notice under regular review but we will email our customers regarding any significant changes. If you have any questions please do contact us through using the ‘Contact Us’ forms on our website or our mobile app, calling our call centre on 0800 088 4127 (should be free from all mobiles and generally free from all landlines) or emailing privacy@sainsburysenergy.com.

*Calls to 0800 and 0808 numbers should be free from all mobiles and generally free from all landlines. Calls may be monitored and/or recorded for security, quality or training purposes.