Privacy Notice
Introduction
This Privacy Notice details how Dalkia UK applies data protection principles to processing data.
Dalkia UK (“Dalkia”, “we”, “us” or “our”) is strongly committed to protecting personal data. We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
Personal data is any information relating to an identified or identifiable living person. Dalkia UK processes personal data for a number of purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
The objective of this Privacy Notice is to be transparent about how and why we process your personal data.
The Data Protection Act 2018 (DPA 2018) enacted the EU GDPR requirements in UK law. The UK government EU Exit Regulations amend the DPA 2018 and merge it with the requirements of the EU GDPR to form a UK data protection regime, this regime is known as the ‘UK GDPR’.
Who we are
Dalkia UK collects, uses, stores and is responsible for certain personal information about you. When we do so we are regulated under the UK GDPR and we are responsible as ‘controller’ of that personal information for the purposes of data protection law.
The personal information we collect and use
In the course of performance of our business functions we collect the following personal information when you provide it to us:
1. Employees
We collect personal data concerning our employees as part of the administration, management and promotion of our business activities. The information collected may include but is not limited to:
- Contact information such as your home address and contact details (including your mobile telephone number and email address)
- Identification documentation such as your passport and driving licence details
- Recruitment records including your CV, employment history, academic history and any references received
- Payment information including your bank account details, salary amount, pay records, national insurance number and pension records
- Holiday, sickness and other absence records
- Information collected in relation to your use of email, the internet and our telephone system
- Images of you that are captured on CCTV systems operated by us and office entry and exit information
- Images used for marketing purposes
- Contact details for next of kin including their name, address and telephone number
We may also collect your sensitive personal data to enable us to comply with our legal obligations as an employer. This information includes but is not limited to:
- Information related to criminal offences and proceedings which we may gather as part of background checks that we conduct
- Diversity-related information including details of your gender and age
- Information relating to your physical and mental health that may be contained in sickness absence requests and health and safety records
- Results from occupational health monitoring
2. Recruitment applicants
In connection with your application for work with us, we may collect personal data directly from you when you apply for a role and also from third parties, such as professional recruitment companies and your referees and prior employers. We may also collect personal data about you that is online to the extent that you have chosen to make this information publicly available, for example, from your profile on professional social media websites (such as LinkedIn). We will collect this data for our general business purposes, including conducting the recruitment process, and to also comply with our legal obligations as an employer.
The information that we collect may include but is not limited to:
- Contact information such as your home address and contact details (including your mobile telephone number and email address)
- Images of you for identification purposes
- Recruitment records, including your CV, employment history, academic history and any references received
- Exam results and educational or work-related achievements
- Identification documentation such as your passport and driving licence details
If you receive an offer from us, we may then conduct a background check and, to the extent permitted by applicable law, we may also collect data related to criminal offences and proceedings to enable us to comply with our obligations as an employer.
3. Suppliers (including subcontractors and individuals associated with our suppliers and subcontractors)
We collect and process data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship, to enter into contracts, to receive services from our suppliers and, where relevant, to provide professional services to our customers.
The information that we collect may include but is not limited to:
- Name
- Business email address
- Business address
- Business contact number
We use personal data for the following purposes:
- Receiving services
- Providing professional services
- Administering, managing and developing our businesses and services
- Security, quality and risk management activities
- Providing our suppliers with information about us and our services
- Complying with relevant law and regulations
4. Customers (and individuals associated with our customers)
Dalkia UK collects only the personal data necessary for the purposes set out below.
The information that we collect may include but is not limited to:
- Business email address
- Business address
- Business contact number
We use personal data for the following purposes:
- Providing professional services
- Administering, managing and developing our businesses and services
- Security, quality and risk management activities
- Providing our customers with information about us and our services
- Complying with relevant law and regulations
5. Visitors to our website
Visitors to our website are generally in control of the data shared with us. We may collect, store and use the following kinds of data:
- Information about your computer and about your visits to and use of the website (including your IP address, geographical location, browser type, referral source, length of visit and number of page views)
- Information that you provide to us for the purposes of subscribing to our website services, email notifications and/or newsletters
- Any other information that you choose to send to us
Personal data submitted to our website may be used for the following purposes:
- To administer the website
- Improve your browsing experience by personalising the website
- Enable your use of the services available on the website
- Send to you our newsletter and other marketing communications relating to our business which we think may be of interest to you, where you have specifically consented to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications)
Who we share your personal information with
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security measures in place to protect the data and to comply with our obligations as data controller.
Personal data held by us may be transferred to:
- Third party organisations that provide data processing or IT services to us
- Third party organisations that assist us in providing goods and services
- Auditors and other professional advisors
- Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation
Transferring data outside of the UK
To deliver services to you, it may be necessary for us to share your personal information outside the UK:
- with our offices within our group located outside the UK
- with your and our service providers located outside the UK
- where there is an international dimension to the service we are providing to you
These transfers are subject to rules under UK GDPR. This means we can only transfer your personal information to a country or international organisation outside the UK where:
- there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
- a specific exception applies under data protection law
Transfers under an exception
We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal information on this ground.
Your rights
Under the UK GDPR you have a number of important rights. In summary, those include rights to:
- access to your personal information
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine
- readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please write to us and:
- provide us with enough information to identify you;
- provide us with proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- clearly set out the information to which your request relates
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to contact us
The data controller is Dalkia UK.
If you have any questions about this privacy notice or how and why we process data, please contact the Data Protection Officer by post:
Andy Smith
Dalkia UK
3rd Floor,
TWENTY,
20 Kingston Road,
Staines Upon Thames,
Middlesex,
TW18 4LG
By email: dataprotection.uk@dalkia.co.uk
How to complain
We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please contact the Data Protection Officer with the details of your complaint. We will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) who is the UK data protection regulator. For further information on your rights and how to complain to the ICO, please refer to the ICO website.
Changes to this privacy notice
This privacy notice was published on 18/09/2023.
We may change this privacy notice from time to time.
- Modern Slavery
- Dalkia UK Carbon Reduction Plan
- Privacy Notice
- Cookie Policy
- Terms Of Use
- Policy Statement – Quality
- Policy Statement – Sustainability
- Policy Statement – Health & Safety
- Policy Statement – Corporate Social Responsibility
- Policy Statement – Alcohol, Drug & Substance Abuse
- Tax Strategy Statement
- Section 172 Statement
- Gender Pay Gap Reporting