Electricity Exchange Data Privacy Statement

Who Are We?

This is the Data Privacy Statement of Electricity Exchange based at Stewart House, Lonsdale Rd, National Technology Park, Co. Limerick; our phone number is +353 61 598 000.

We are a leading provider of demand response technologies and services, deploying our latest technologies to deliver additional revenue directly to commercial and industrial electricity consumers’ bottom line, enabling our clients to support the electricity system with minimal impact on their business.

About This Statement

This Data Privacy Statement is designed to demonstrate our firm commitment to privacy, our compliance with the General Data Protection Regulation (GDPR) and to inform you of the personal data that we collect and process in connection with your interaction with Electricity Exchange.

It also sets out details of what personal data we process, why we process it, with whom your personal data is shared, and a description of your rights with respect to your personal data.

Personal Data Processed

The personal data we hold, process and retain will be used for the management of your account, for administrative purposes and for meeting our legal and regulatory obligations. We hold it and use it to protect your rights and interests and to manage our relationship with you appropriately, effectively and lawfully.

Where there is a need to process your data for a purpose other than those set out in this Data Privacy Statement, or otherwise outlined to you, we will inform you of this and, if required, we will seek your consent.

We store personal data for all client companies of nominated contact individuals, including names, phone numbers and email addresses. We take steps to keep these details as up-to-date as possible. We never use this data for any purpose other than the management of our operations and the fulfillment of our contract with you.

Our system generates text messages to nominated contacts when service issues arise that need attention. Logs of these messages are kept securely for 6 months, after which they are deleted. These contain mobile numbers and the details of the messages and responses.

If you submit your details to request a consultation, on our contact us form or any other similar form that we may implement in the future, we may save your personal details in our customer relationship management (CRM) database. We retain these details for an appropriate period, after which they are deleted.

We record all calls that we receive to our +353 61 598 000 number for training and quality purposes, using Zoiper softphone software. This data is securely retained only for a one month period.

How is your Personal Data Shared?

Your personal data may be disclosed to third parties where we are legally obliged to do so. It will also be disclosed during activities where we have lawful contractual agreements in place that enable us to operate Electricity Exchange

We process your personal data in the course of providing our services with the following sub-processors, who have all confirmed GDPR compliance:

  • Google Suite (including Google Drive for storage and Gmail for email)
  • Google Analytics (for analyzing website performance)
  • Amazon Web Services (a cloud hosting service)
  • Twilio (a text messaging platform)
  • CRM Insightly (customer relationship management software)
  • Zoiper Softphone Software (phone management software)

We also share personal contact details for employees nominated by client companies with sub-contracted engineers who perform site installations on our behalf. All of our sub-contractors have signed professional services contracts instructing them on how to process any personal data we share with them, in terms of keeping the information secure and private, and not retaining it for any longer than necessary.

Subject Access Requests

You have the following rights under data protection law;

  • Information Request. The right to receive a copy of and/or access the personal data that we hold about you, together with other information about our processing of that personal data.
  • Update Data. The right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update your data such that it is complete.
  • Data Deletion. The right, in certain circumstances, to request that we erase your personal data.
  • Restrict Processing. The right to object to our use of your personal data or the way in which we process it.
  • Object to Processing. The right, in certain circumstances, to request that we no longer process your personal data for particular purposes.
  • Data Portability. The right, in certain circumstances, to transfer your personal data to another organization.
  • Review Automated Decisions. The right to object to automated decision making and/or profiling

If you have a request, please contact us by email at info@electricityexchange.com You must provide a copy of identification such as a driver’s license or passport, and if you require that we reply by post, you must include a copy of a utility bill from within the last six months to provide proof of your postal address

We fulfill all subject access requests within one month, where possible. In situations where requests are complex, we may need more time, but we will notify you of the delay within one month and will not take longer than two months in total. There are also situations where we cannot supply the personal data, and if this arises we will inform you and give a full explanation

If you have a complaint about how we have handled your personal data or a subject access request, please contact Sean Finn, Quality Manager, at sean.finn@electricityexchange.ie

You also have the right to complain to the Data Protection Commissioner if you are not satisfied with how Electricity Exchange has dealt with your Subject Access Request.

Security

Electricity Exchange takes the security of your personal information very seriously. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed

These measures include providing a highly secure infrastructure, having detailed policies and procedures for data protection and providing staff training and awareness. We review these measures regularly

In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality

Data Breach Management

We fully comply with GDPR requirements in relation to data breach management. We commit to report these within 72 hours to the Data Protection Commissioners, to inform affected data subjects as soon as possible, to log all breaches internally and put corrective action in place to ensure that they do not reoccur.

Will Your Personal Data Be Transferred Abroad?

No, all of our personal data is managed on servers based within the EU.

Changes to this Privacy Statement

Electricity Exchange reserves the right to make changes to this privacy statement at any time by giving notice to its users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.

Date Published: 12/07/2018

This Project was supported by the Local Enterprise Office Limerick through co-founding from the Irish Government and the European Regional Development Fund 2014-2020

The project contributes to the SME support, promotion and capability development theme of the ERDF co-funded programme

Copyright © 2016 Electricity Exchange