Viridian Group Privacy Statement
1. Introduction
Protecting our customer and employee personal data is important to Viridian Group and details of how we collect, use, store, share and protect customer and employee data is explained in privacy policies that we provide to our customers and employees. This Privacy Statement provides you with information on how we process personal data we obtain through this website, or otherwise than from our employees and customers, in compliance with Data Protection legislation.

Personal data may be provided to us by you directly or by a third party.

This Privacy Statement may be supplemented by other privacy notices tailored to our specific relationships with you. This is to make sure you have a full picture of how we collect and use your personal data.

Before providing us with personal data about another individual you must: (a) inform the individual about the content of this Privacy Statement and any other applicable privacy notices provided to you; (b) obtain their permission to share their personal data with us in accordance with this Privacy Statement and other applicable privacy notices; and (c) obtain any legally required consent, where applicable.
 
2. Company Information
The Viridian Group, a portfolio company of I Squared Capital, is the leading independent energy company in the all-Ireland market. The Viridian Group comprises of Power NI, the Energia Group and the Power NI Power Procurement Business. Further information can be found at https://www.viridiangroup.co.uk/.
 
3. Definitions
3.1         Data Protection Legislation refers to the General Data Protection Regulation 2018 (EU 2016/679), the UK Data Protection Act 1998, the Irish Data Protection Act 2018, the UK Privacy and Electronic Communications Regulations 2003, the Irish European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 and any relevant transposition, successor or replacement of any of the foregoing laws and any other laws in force in the UK or Ireland (to the extent applicable) relating to data protection.

3.2         Personal Data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.3         Special Category Personal Data is personal data about an individual’s racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic information; biometric information; and sex life or sexual orientation.

While criminal allegations, proceedings or convictions are not classified as special category personal data there are separate safeguards set out under the Data Protection Legislation.

4. Data Protection Principles
We will comply with the six data protection principles in the GDPR, which state that personal data must be:
  1. Processed in a lawful, fair and transparent manner (Lawfulness, Fairness and Transparency)
  2. Processed only for specified, explicit and legitimate purposes and not further processed in a way that is incompatible with those purposes (Purpose Limitation)
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (Data Minimisation)
  4. Accurate, and where necessary, kept up to date, erased or rectified without delay (Accuracy)
  5. Kept in a form which does not permit identification of data subjects for longer than necessary for the purposes for which the personal data is processed (Storage Limitation)
  6. Processed in a manner that ensures appropriate security of the personal data including protection against accidental loss, destruction or damage using appropriate technical or organisational measures (Integrity and Confidentiality)
 
5. Data we may Collect
We, or third parties on our behalf, collect your personal data when you use our website, communicate with us by phone, letter, email, social media or in person, or receive our products and/or services. We do not generally process Special Category Personal Data or data relating to criminal offences or convictions, save as may be set out in our Employee Privacy Statement or Customer Privacy Statement furnished to you. Otherwise such data would only be processed in the exercise, establishment or defence of a legal claim or in the context of legal proceedings or a criminal investigation.

We would ask that you keep us informed (by email, telephone, or in writing) of any changes in your personal data so that we may have our records up to date at all times.
 
6. How we use your Information
The information we obtain about you is confidential. We will only process personal data in relation to a contract or to take steps prior to entering into a contract; to respond to your queries or complaints, where the processing is necessary to comply with our legal obligations; for our legitimate interests or the legitimate interests of others in protecting and developing our businesses and assets; where the processing may be necessary for the protection of your vital interests; or where you have given your consent.

The information which we obtain and hold about you or your company will be used to provide you with information for the purpose of communicating with you and/or your company. The information will also be used to manage and administer this site.

Examples of our legitimate interests in processing personal data are set out below to the extent these do not otherwise fall within one of the other legal grounds specified in this statement:

6.1         Communications, Facilities and Emergencies: Facilitating communication with you, ensuring business continuity, safeguarding and maintaining IT infrastructure, facilities and other property.

6.2         Business Operations: pursuit of our commercial activities and objectives, or those of a third party (for example, by carrying out direct marketing); assessing applications for employment or tenders submitted to us, managing product and service development, communicating with customers and suppliers, improving products and services, managing company assets, strategic planning, project management, business continuity, maintaining records relating to business activities, communications, managing mergers, acquisitions, sales, reorganisations or disposals and integration with purchaser, protection of our business, shareholders, employees and customers, or those of a third party (for example, ensuring IT network and information security, enforcing claims, protecting physical assets); and analysing                competition in the market for our services (for example, by carrying out research, including market research).

6.3         Compliance: Complying with legal and other requirements, such as tax deductions, record-keeping and reporting obligations, conducting audits, compliance with government inspections and other requests from government or other public authorities, responding to legal process such as subpoenas, summons or warrants, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims, conducting investigations and complying with internal policies and procedures.
 
7. Providing Information to Third Parties
7.1         We will not disclose your personal data to a third party without your consent unless we are satisfied that they are legally entitled to the data or where we are satisfied that we or the third party recipient has a legitimate interest in disclosing or receiving such personal data and your rights are not unduly prejudiced as a result.  Some categories of potential recipients or categories of recipients with whom we may share information:
  • External third party service providers, such as auditors, experts, lawyers and other professional advisors; IT systems, support and hosting service providers; document and records management providers and other third party vendors and outsourced service providers that assist us in carrying out our activities.
  • We may also share personal data with: (a) government or other public authorities (including, but not limited to, courts, regulatory bodies, law enforcement agencies, tax authorities and criminal investigations agencies); and (b) third party participants in legal proceedings and their accountants, auditors, lawyers, and other advisors and representatives, as we believe to be necessary or appropriate;
 
8. Retention of your information
8.1         We will retain your personal data only for as long as is necessary for the purposes for which it was collected and in order to comply with our regulatory and legal or business requirements. This may be up to 7 years but only if such personal data is relevant to a contractual matter or other legal obligation to you. Personal data may be retained for longer periods in the context of legal proceedings or where we are required by statute to retain the personal data for a longer period of time.
 
 
9. Your rights
9.1         The General Data Protection Regulation provides you with a number of rights under the legislation. You have the right to:
  1. Request access to any personal data we hold on you.
  2. Request to have any inaccurate data held about you amended.
  3. Request, in certain circumstances, the deletion of your personal data where there is no compelling reason for us to continue to process it.
  4. Request the restriction of the processing of your personal data, in certain circumstances.
  5. Request in circumstances where the personal data you have provided in a structured, commonly used and machine readable format be provided to you or transmitted directly to another organisation.
  6. Withdraw your consent for any processing of your personal data which is based on your consent.
  7. Object to processing which is undertaken based on legitimate interests e.g. direct marketing
  8. Not to be subject to automated individual decision making, including profiling, which produce legal effects concerning you or similarly significantly affects you unless it is necessary for the entry into or performance of a contract, authorised by EU or member state law; or based on your explicit consent.
  9. Lodge a complaint with the relevant Data Protection Authority.
 
10. Protecting your Information
10.1       We are committed to protecting your personal data and to implementing appropriate technical and organisational security measures to protect it against any unauthorised or unlawful processing and against any accidental loss, destruction, or damage.
 
11.  Data Protection Contact
11.1       If you have questions or concerns as to the manner in which your personal data is being handled or if you require any further information you can contact the Group Data Protection Officer using the details below:
               Group Data Protection Officer
               Greenwood House, 64 Newforge Lane, Belfast, BT9 5NF
               Email: Dataprotection@viridiangroup.co.uk
 
12. Statement Review
12.1       This statement will be regularly reviewed to ensure we continue to meet our obligations in processing your personal data and protecting your privacy. If we make any significant changes to the Statement we will inform you.
 
Last updated May 2018