DATA PROTECTION CODE FOR SUPPLIERS, BROKERS, SUB-CONTRACTORS AND THOSE PROVIDING SERVICES TO D-ENERGi
D-ENERGi takes data protection seriously. The following sections set out our commitment to protecting personal data when working with suppliers, sub-contractors and other Companies providing services, or who may be the recipient of personal data i.e. any information relating to an identifiable living person.
Our full data protection policy can be found at www.d-energi.com/privacy
D-ENERGi may share certain personal information to enable us as a Supplier and others mentioned above to perform work and provide services for our customers.
The suppliers and others mentioned above undertake to exercise control over any shared data and will (unless agreed otherwise)
- Only collect and use the personal data for the purposes that have been agreed
- Not transfer the personal data to third parties without the consent of D-ENERGi and its client
- Not transfer the personal data to other countries.
- Use appropriate measures to protect personal data in compliance with the European General Data Protection Regulation (GDPR) which comes into force on 25 May 2018
- Promptly notify D-ENERGi of any complaints or access requests in respect of the personal data and assist in resolving them
- Advise D-ENERGi if there has been a breach of Data Protection measures and/or loss of data
In addition to the data sharing commitments, the suppliers and others mentioned above will:
- Ensure the processing is carried out under a work instruction in which the supplier processes the data only as necessary to carry out services for D-ENERGi
- Take appropriate measures to protect the data from unauthorised or unlawful processing
ACTING ON THE CODE
Adherence to this code should be proportionate to the circumstances. The level of protection depends upon the sensitivity of the data and the likely consequences of its loss or misuse.
- Suppliers of goods or services to D-ENERGi must register with the Information Commissioner’s Office (ICO) unless they are eligible for exemption under ICO rules.
- Must comply with any rights of data subjects exercised under Data Protections Laws.
- Must inform D-ENERGi if their Company has been subject to an investigation or any finding, decision, notice or undertaking by any court or Information Commissioner’s Office regulator.
- Have organisational and technical measures in place to guard against the unlawful or unauthorised processing of the data and to protect it from accidental loss, damage or destruction. Operate a robust backup and disaster recovery procedure in place.
- Be prepared to provide details of where the data, including any backups will be hosted.
- Keep the data only for the time necessary to undertake the services requested or at the request of D-ENERGi or it’s client, remove and permanently delete all personal data (unless retention is required by law)
- As an energy broker or partner you agree to use appropriate measures to protect personal data in compliance with the European General Data Protection Regulation (GDPR) legislation which came into effect on 25 May 2018 and agree to the data protection code of practice as outlined above.