Scottish Power Limited (“ScottishPower”) respects the privacy of everyone who uses its services. We are obligated by the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR) to inform you of ways we use your personal information. Please read our privacy notice to understand our approach to processing your personal data. When you submit your personal information to us, you give us permission – where necessary and appropriate – to process it in ways outlined within this privacy notice.
The purpose of this privacy notice is to inform you of the ways in which your personal information is processed when it is provided by you via our website.
You, the Data Subject, are the Data Controller of your Personal Information. The Data Processors of your personal information are as follows:
ScottishPower will only process your data on your behalf as Data Controller.
We collect your personal information for a number of reasons. Personal information that we collect is taken from a profile form, surveys and feedback for members.
The reasons for collecting this information are as follows:
If you would like us to stop using your personal information at any time for any or all of the purposes outlined above, please contact us as set out in the ‘Contact us’ section and we will consider your request in line with the GDPR and any other applicable data protection legislation.
In accordance with GDPR, the lawful bases upon which we process your personal information are:
Your personal information will occasionally be transferred to third party organisations, some of whom may be located outside of the European Economic Area (EEA), as part of the services that we offer to you. For example, this could happen if any of our servers that store your personal information are located in a country outside of the EEA, or when one of our service providers is located in a country outside of the EEA.
The agreements that we have with these third party organisations are such that they will not use your personal information for any other purposes other than those we have agreed with them. We explicitly request that any third party organisations with whom we share personal information implement adequate levels of protection to safeguard your personal information in accordance with the GDPR and any other applicable data protection legislation.
In line with this privacy notice, we will not share or transfer your personal information without your permission, unless we are under a legal obligation to do so (for example, for the purposes of legal proceedings or fraud/crime prevention) or where such an action is necessary to protect and/or defend our rights, property or the personal safety of our staff, customers or other individuals.
In the course of interactions, we may automatically collect some of your non-personal information, such as the website from which you accessed ours or the type of internet browser you are using. We may also collect aggregated data which in itself does not personally identify you, such as your age or your city of residence. Information such as this is only used to help us provide an effective service and sometimes we may supply this non-personal information to third parties for statistical purposes.
In line with this privacy notice, it is our responsibility to maintain the accuracy of the personal information we hold and process about you. If you would like to review, change or delete the personal information that you have given to us, please contact us as set out in the ‘Contacts’ section below.
In accordance with our Retention Schedule, we will retain your personal information for no longer than 5 years but in the event of you been an employee of SP this period will be in accordance with the retention period as prescribed as part of your HR records retention schedule and once this period expires,all personal data will be securely destroyed.
Other circumstances in which SPCW may disclose your Personal Information
We may disclose your Personal Information to any member of our Group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
We may disclose your Personal Information to third parties:
We have taken all reasonably applicable appropriate technical and organisational measures in accordance with the GDPR to protect your personal information against unauthorised or unlawful processing and against accidental loss, destruction or damage. We are committed to updating these measures appropriately as and when new technology becomes available.
In accordance with GDPR, you can contact us at firstname.lastname@example.org to exercise any and all of the following rights that you have available in relation to our processing of your personal information:
Additionally, you have the right to lodge a complaint with our Data Protection Officer at email@example.com if you believe that your personal information is not being processed in line with this privacy notice. If you are not satisfied with the response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) by contacting:
Information Commissioner's Office
Tel: 0303 123 1113
We may change this privacy notice from time to time. If we do, we will post the changes on this page and detail any substantial changes to the way in which we process your personal information if applicable. We recommend that you check our privacy notice on a regular basis to stay informed of any updates.