Telos NRG is committed to protecting and respecting the privacy of your personal data. This privacy notice explains how your data is collected, used, transferred and disclosed by us. It applies to data collected when you use our website or services; supply us with products or services; interact with us through social media, email, post, text or phone; apply for employment with us; or are employed by us.
This privacy notice explains:
- About Telos NRG
- What is personal data?
- How we keep your data secure
- The data we collect about you
- How we collect your data
- The legal basis for processing your personal data
- How we use your data
- Communication preferences
- Analytics and targeted advertising
- How we share your data
- International transfers
- Your rights
- How to contact us
About Telos NRG
TelosNRG Limited (company registration number 10490927) provides assurance, integrity and transformation services to the energy industry.
You may contact us by post at Unit 2.07, Chester House, Kennington Park, 1-3 Brixton Road, London, SW9 6DE or by email to firstname.lastname@example.org
We collect personal data for the purposes of delivering services to clients; recruiting and managing employees and contractors; processing and validating payments; carrying out market research; and recommending products and services that might interest you.
What is personal data?
Personal data is any information which identifies and is about a living person. It might be possible to identify the individual through a single, specific identifier, such as a name; or by combining several different identifiers, such as job role and team. Some information is considered particularly sensitive because of the serious impact that it might have on the individual concerned if the data was lost or stolen. We may collect sensitive personal data, such as dietary requirements and health, where we have a lawful basis to do so.
How we keep your data secure
We have put appropriate organisational safeguards and security measures in place to protect your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We keep your data confidential within a secure infrastructure protected by multiple firewalls and we are committed to keeping the security of these systems as up-to-date and as secure as possible. We limit access to your personal data to those employees, consultants, contractors and other third parties who have a business need to know it. They will only be permitted to process your data on our instructions and will always be subject to a duty of confidentiality.
We require any third party who is contracted to process your personal data on our behalf to have security measures in place to protect your data and to treat such data in accordance with the law. We have put in place procedures to deal with any suspected personal data breach and will notify you and the UK Information Commissioner of a breach where we are legally required to do so.
The data we collect about you
The following groups of personal data may be collected and processed by Telos NRG:
- Identity Data such as your first name, last name, title, date of birth, gender;
- Contact Data such as your e-mail address, address, and telephone number;
- Technical Data such as your internet protocol (IP) address, login data, operating system and platform;
- Transaction Data such as orders, sales and payments.
- Marketing Data such as your marketing and communication preferences in receiving communications from us and our third parties;
- Usage Data such as your use of our website, performance and other communication data;
- Survey Data such as your comments and opinions provided in response to a survey.
In addition, we may collect the following additional groups of data with respect to job applicants, employees or ex-employees, associates, contractors, and temporary employees:
- Identity Data such as proof of your identity (e.g. passport, valid driving licence or birth certificate);
- Contact Data such as information about your marital status, next of kin, dependants, personal and emergency contacts;
- Recruitment Data such as details of your education, qualifications, occupation, work history, experience, referees, training and skills development; nationality, entitlement to work in the UK; criminal record (if your role requires this);
- Employment Data such as the terms and conditions of your employment, salary or fee payments, benefits, work patterns, NI number, attendance, holidays, sickness, disciplinary or grievance issues, medical or health conditions, disabilities (for which we need to make reasonable adjustments); and information about your vehicle, driving licence, MOT and insurance documents if you drive on company business; business and indemnity insurance;
- Financial Data such as your bank account details;
- Performance Data such as performance reviews and ratings, performance development plans and related correspondence; and timesheet information;
- Activity Data such as the activity logs held within Telos NRG IT systems and databases;
- Communications Data such asthe emails you send or receive via the Telos NRG email system.
How we collect your data
We may collect personal data from you when you: use our website; interact with us through social media, email, post, text or phone, or use one of our cookies. In addition, we will also collect personal data from job applicants, employees, ex-employees, associates, contractors and temporary employees during their recruitment screening and throughout the tenure of their employment or contract with us.
The legal basis for processing your personal data
The law requires us to inform you of the legal basis for collecting and processing your personal data, where we are the Data Controller or Joint Data Controller. These include:
- Performance of contract: In most cases, this occurs when we have a contract with you to either provide a product or service to you, or to receive something from you. Examples include: employment contracts; associate contracts; agreements for the provision of our products or services; and procurement contracts. We are also acting under the performance of contract if we collect or process your data for the purposes of entering into a contract, if you have expressed an interest in working with us.
- Legitimate interests: We may have a legitimate interest in processing certain personal data, which does not relate to the performance of a contract agreed with you. If we rely on our legitimate interests to justify processing your data, we will have conducted an assessment to evaluate the fairness of this; and will only undertake the processing if it is reasonable to do so and will not cause undue risk to you.
- Legal obligation: We may be legally obliged to share certain data about you with third parties, such as HMRC.
- Consent: In general, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to individuals via email or text message. Where we would like to be able to contact you about our products and services, and no other legal basis applies, we will seek your consent to retain and re-use your contact details for that purpose. You have the right to withdraw consent to marketing at any time by contacting us at email@example.com
How we use your data
Your personal data is used by us to support a range of different purposes and activities. These are listed in the table below together with the types of data used and the legal base(s) we rely on when processing them, including where appropriate, our legitimate interests. Please be aware that we may process your personal data using more than one lawful basis, depending on the specific activity involved.
|Purpose / Activity||Type of Data||Lawful Basis|
|To develop and deliver energy assurance, integrity and development projects.||Identity Contact Technical Usage||Performance of a contract with you Necessary for our legitimate interests (e.g. to maintain and develop our core products and services)|
|To manage our relationship with you, including: providing you with any information, products or services that you request from us; notifying you about changes to our services, terms and conditions or privacy notice.||Identity Contact||Performance of a contract with you Necessary for our legitimate interests (to study how customers use our products and services)|
|To create an account, register you as a new customer and administer your account.||Identity Contact Financial Transaction||Performance of a contract with you Necessary for our legitimate interests (e.g. to recover debts due to us)|
|To use data analytics to: improve our website, services, marketing and for market research purposes.||Identity Contact Technical Usage Marketing Survey||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To register you for email updates, and recommend products and services and events that may be of interest to you||Identity Contact Technical Usage||Consent|
|To protect the security of commercial and personal and special data in our care by securing and monitoring activity within our network, internet and email.||Identity Technical Usage Activity Communications||Necessary for our legitimate interests (protecting the data entrusted to us by customers and commercially sensitive data about our business)|
For job applicants, employees, ex-employees, associates, contractors and temporary employees only:
|Purpose / Activity||Type of Data||Lawful Basis|
|To recruit the right people for our business, and manage their working relationship with us, including job role and responsibilities, salary or fee payments, progression, training, performance management and disciplinary or grievance procedures.||Identity Contact Recruitment Financial Transaction Activity Employment Performance Technical Usage Survey Communications||Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (e.g. to monitor equal opportunities, to gather employee feedback; to contact your next of kin in case of emergency)|
|To arrange travel for you on Telos NRG business and making appropriate safety arrangements for this, including monitoring your travel.||Identity Contact Communications||Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (e.g. to contact your next of kin in case of emergency).|
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we wish to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. We may process personal data without your consent, in compliance with the above rules, where this is required or permitted by law.
We will keep your personal data for no longer than is necessary for the purpose(s) it was provided for and to meet our accounting, reporting, legal obligations and public interest responsibilities. Further details of the retention periods we apply to your data are available on request from firstname.lastname@example.org
We may send you information about our services and activities by email if you have provided your email via our website. If you do not wish to continue receiving information from us, you can ‘opt-out’ at any time by using the “Unsubscribe” link included in the footer of an email sent by us or by contacting us directly at email@example.com. We will process all opt-out requests as soon as possible, but please note that it may take a few days for any opt-out request to be implemented.
Our website may include links to and from the websites of our suppliers, customers, partners and other relevant organisations. If you follow a link to any of these websites, please note that these websites will have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to their websites.
Analytics and targeted advertising
How we share your data
We may disclose and share your personal data with the parties set out below, for the purposes outlined in the tables above:
- government agencies, their partners and other third parties to comply with our legal obligation or public interest responsibilities (such as HMRC, Magistrates Courts, Employment Tribunals);
- associates, business partners, suppliers (including their sub-contractors) or other third parties that we use to support the operation of our business. For example, to: provide IT systems and software, internet access, website or hosting solutions; provide training and development services; deliver employee benefits, run our payroll, perform occupational health checks and referrals, and provide employee assistance;
- our professional advisers including auditors, lawyers, bankers and insurers who provide professional advice and services or help us meet our audit responsibilities;
- where you have consented for us to do so. For example, if you have given your consent for us to share your data with a third party in respect of an event, we may pass your data on to the relevant third party administering the event;
- employers of associates and contractors.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
You have several rights under the data privacy legislation. This includes, under certain circumstances, the right to:
- request access your personal data;
- request correction of your personal data;
- request erasure of your personal data;
- request the restriction of processing of your personal data;
- request the transfer of your personal data;
- object to processing of your personal data;
- object to automated decision making;
- complain to us and the Information Commissioner.
Details of each of these rights are set out below:
- Access your data: You can access the data we hold on you at any time, by making a Data Subject Access Request.
- Rectify your data: You can ask us to correct any data we hold about you that is inaccurate.
- Request erasure: You can ask us to delete your personal data if there is no lawful basis for us continuing to process it. If there is a legal requirement for us to retain your data, you may be able to ask us to restrict processing.
- Request the restriction of processing of your data: You may ask us to suspend the processing of your data under certain circumstances, for example pending a review of the accuracy of the data or after you have objected to our use of the data, and we need to establish whether we may lawfully continue processing it.
- Request the transfer of your data: In some cases, you can ask us to transfer the data you originally provided to us to yourself or to another company. This only applies to digital data you provided directly or that we observed about you through automated means.
- Object to the processing of your data: You can object to our processing of your data for direct marketing purposes, or on the basis of our stated legitimate interests (defined in the table above). In some cases, we may have compelling lawful grounds to process your data which override your rights and freedoms.
- Object to automated decision-making: You can also object to the processing of your personal data where profiling is being used to make assumptions about your behaviours or preferences; for example, to target marketing communications. You have the right not to be subject to automated decision-making and can require that any such decisions are reviewed by a human.
- You can lodge a complaint: If you believe your data is being handled in a way that breaches data protection legislation, you can lodge a complaint with us directly. You also have the right to complain to the UK Information Commissioner’s office www.ico.org.uk Please be aware that we take the handling of your personal data very seriously. As such, we would always appreciate the opportunity to address any concerns you may have directly with you.
If you wish to exercise any of these rights, or lodge a complaint please contact our Data Protection Office at firstname.lastname@example.org. You will not normally have to pay a fee, however, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will always try to respond to any legitimate request within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
How to contact us
If you have any questions or concerns about the way in which we collect, hold or process your data, or simply wish to exercise your rights (as identified in the previous section) please contact us directly by email to email@example.com or by post to Unit 2.07, Chester House, Kennington Park, 1-3 Brixton Road, London, SW9 6DE.
This Privacy Notice maybe changed over time – notification of updates will be posted on our Website.