Why do we collect information about you?
We need to collect and hold information about you, in order to:
- confirm your identity to provide some services;
- contact you by post, email or telephone;
- understand your needs to provide the services that you request;
- understand what we can do for you and inform you of other relevant services and benefits;
- obtain your opinion about our services;
- update your customer record;
- prevent and detect fraud and crime in the use of public funds;
- make sure we meet our statutory obligations including those related to diversity and equalities;
- help us to build up a picture of how we are performing at delivering services to you across your area.
It is important to be aware that we may not be able to provide you with a product or service unless we have enough information, or your consent to use that information.
We process personal data including but not limited to:
- Name, address and contact details
- Correspondence with you, such as information you have provided
- Information regarding your personal circumstances
- Information regarding living individuals (e.g. householders, suppliers, staff)
- Financial details
- Data provided to prove your identity
We process sensitive data such as:
- Physical or mental health conditions
How we Use your information
We will use the information you provide in a manner that conforms to the GDPR. We will endeavor to keep your information accurate and up to date and not keep it for longer than is necessary. In some instances the law sets the length of time information has to be kept.
We will process your information for the following purposes:
- for the service you requested, and to monitor and improve our performance in responding to your request
- to allow us to be able to communicate and provide services and benefits appropriate to your needs;
- to ensure that we meet our legal obligations;
- to prevent and detect fraud or crime;
- to process financial transactions including grants.
We will not pass any personal data on to third parties, other than to those who are delivery partners or process information on our behalf, or because we are required or allowed to do so by law. and where possible we will only do so after we have ensured that sufficient steps have been taken to protect the personal data by the recipient.
We will not disclose any information that you provide ‘in confidence’ to us, to anyone else without your consent, except in the few situations where disclosure is required by law, or where we have good reason to believe that failing to share the information would put someone else or yourself at risk. You will be told about this.
The data that we and our delivery partners hold on data subjects is only held on our systems to enable us to deliver the requirements of our funders who require us to hold data to deliver support to data subjects. Will ask all data subjects for their consent to store data and the timescales that we will need to keep their data for so that we can provide a service and offer ongoing support. Data will be stored within the European Union and not transferred to any third party country or International organisation.
Telephone calls and Emails
When making an enquiry on our website you will be required to enter your contact number and email address. We will then use this data to contact you and provide the support/advice that you require. Ordinarily, we will inform you if we record or monitor any telephone calls you make to us. This will be used to increase your security, for our record keeping of the transaction, and for our staff training purposes. If you email us we may keep a record of your contact, your email address and the email for our record keeping of the transaction. We suggest that you keep the amount of confidential information you send to us via email to a minimum or contact us by post instead.
Using our Website
Our website does not store or capture personal information. It does not use automated decision making or profiling. It merely logs a number called your IP address which is automatically recognised by the system. Our web team use Google Analytics to record visitors’ use of the site and we use this information to inform our changes to the layout of our website and to the information in it. Log files do not contain any personal data and they are not used to identify any individual patterns of use of our website.
Our systems will capture and record personal information if you:
- subscribe to or apply for services that require personal information,
- report a fault and give your contact details for us to respond,
- contact us and leave your details for us to respond. Any forms on our website that capture personal information are secure.
We may need to pass your information to other people and organisations that provide a service to support your needs. These providers are obliged to keep your details securely, and we use them only to fulfil your request or deliver the service. If we wish to pass your sensitive or confidential information
onto a third party, we will only do so once we have obtained your consent, unless we are permitted to do so under the GDPR or are legally required to do so.
We may disclose information when necessary to prevent risk of harm to an individual.
We may disclose information to other partners where it is necessary, either to comply with a legal obligation, or where permitted under the GDPR, e.g. where the disclosure is necessary for the purposes of the prevention and / or detection of crime. In some of these arrangements we may become joint data controllers or data controllers in common with the other organisation(s).
How we Protect your information
Our aim is not to be intrusive, and we won’t ask irrelevant or unnecessary questions. The information you provide will be subject to rigorous measures and procedures to make sure it can’t be seen, accessed or disclosed to anyone who shouldn’t see it.
We provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or do not look after your personal information properly. We will not keep your information longer than it is needed or where the law states how long this should be kept. We will dispose of paper records or delete any electronic personal information in a secure way.
Data subjects rights
You have the following rights under GDPR:
- Right to access the data held by us
- Right to rectification
- Right to erasure (right to be forgotten)
- Right to have any data processing restricted
- Right to data portability
- Right to object
Right to access
You are entitled to request access to any information about you that we hold, and we have a form which you can use to make such a request.
Right to rectification
We try to ensure that any information we hold about you is correct. There may be situations where you find the information we hold is no longer accurate and you have the right to have this corrected.
Right to erasure/be forgotten
You have the right to request that Act on Energy and its delivery partners who we work with; stop processing your personal data in relation to any service that we offer. However, this may cause delays or prevent us delivering a service to you. Where possible we will seek to comply with your request but we may be required to hold or process information to comply with a legal requirement.
Right to data restriction
You have the right to ask for a restriction of processing of your data if you believe that:
- The accuracy of the data held by us is incorrect and you want to contest it
- The processing is unlawful
- We no longer need to keep the data, but you require it for establishment, exercise or defence of a legal claim
- Pending legitimate grounds of interests of controller over the data subject.
This may cause delays or prevent us delivering a service to you. You will be informed by us before any restriction is lifted.
Right to Data Portability
You have the right to ask us to move/transfer your data to another organisation. We will provide this information in an appropriate and readable form such as a CSV file. We will fulfill this request within one month of the request been made unless the request is complex or we receive multiple request for data and this would extend the request for a maximum of two months. We would respond within a month if this was the case.
Right to Object
You can contact us directly regarding any of these rights, please see the address details provided below. Alternatively, for objections and complaints, you can also contact the UK supervisory body – ICO at https://ico.org.uk.
Notification is the process where organisation’s register what personal data they use and how they use it with the Information Commissioner (ICO). The Data Protection Act 1998 requires every data controller who is processing personal data to notify unless there is a legal reason for them not to. Each entry includes the name and address of the data controller and a general description of the processing of personal data by a data controller. You can consult the register to find out what processing of personal data is being carried out by a particular data controller. You can search the ICO’s Register of Data Controllers to see our notification details; our registration number is Z6791554
Here, at Warmer Homes West Midlands, we can be reached in the following ways:
By post: Warmer Homes West Midlands C/O Act on Energy,
Unit 1.4 Lauriston Business Park, Pitchill, Salford Priors, Warwickshire, WR11 8SN
By phone: 0800 288 9881 (0808 196 8298 previously)
By email: firstname.lastname@example.org
Our key contact for any enquiries related to Data Protection is Rachel Jones – Chief Executive Officer.
Act on Energy has a Data Protection Officer, their details are:
Mr. Peter Venes
Phone: 01908 395500
Reviewed bi-annually – Next review April 2023