Privacy Notice

Leep Utilities Limited and its subsidiary companies (Leep) are committed to complying with the General Data Protection Act 2018. Looking after the personal information you share with us is very important and we want you to be confident that your personal data is kept safely and securely and you understand how we use it.

We have published this notice to help you understand:

·         How and why Leep collect information from you

·         Who we share your information with, why and on what basis

·         What your rights are

If we make changes to this notice we will notify you by updating it on our website. Leep will be what is known as the ‘Data Controller’ of the personal data you provide to us, and we will sometimes refer to ourselves in this notice as “we” or “us”. By Data Controller, this means Leep determines the way in which any personal data is, or will be, processed.

Should you need to contact us please choose one of the following options:

What information we collect when you register and why?        

When you take services from us, you are entering into a deemed contract and we will need to set up an account.

So we can set this up we will ask you to provide some personal information such as:

  • Full name
  • Address (and previous addresses)
  • Date of birth
  • Contact numbers
  • Email addresses

If you wish to set up a direct debit payment, we will collect bank details from you and securely store this information.

As a credit customer, we get information about you from credit reference agencies. This is covered in more detail in the section Who we share your information with and why.

How do we use your information?

Data Protection stipulates that we are allowed to use and share your personal data only where we have a justified reason to do so. The Regulation provides we must have one or more of these reasons, which are:

  • Contract – your personal information is processed in order to fulfil a contractual arrangement e.g. in order to send you your billing information
  • Consent – you agree to us using your information in this way e.g. for storing your bank details
  • Legitimate Interests – allows Leep to provide you with the best service in the most secure and appropriate way e.g. to transfer your data to certain Third Parties
  • Legal Obligation – where there is a legal requirement to share the information e.g. when we have to share your information for law enforcement purposes

Who we share your information with and why

Leep works with a number of trusted suppliers, agencies and businesses in order to provide a high-quality service; working with credit reference agencies, fraud prevention agencies, technicians visiting your home, amongst others.

Some examples of the categories of third parties with whom we share your data are:

IT Companies

Leep works with businesses who support our website and other business systems.

Payment Processing Providers
Leep works with trusted third-party payment processing providers in order to securely take and manage payments.

Credit Reference Agencies
When you apply for credit with us we will undertake searches with Credit Reference Agencies (CRAs). We do this to offer our customers appropriate, affordable and flexible payment options. This also allows us to monitor potential fraud through the provision of false or inaccurate information.

 We will continue to exchange information with CRAs for the lifetime of your account. Data held by the CRAs will be linked to the data of your spouse, any joint applicants or other financial associates.

We will use automated credit-scoring methods to assess your application and to confirm your identity. We will check your credit history against our lending criteria and if you don’t meet our requirements you will offered an alternative payment method. Further details regarding automated credit scoring are below. Should you wish to object to the use of automated credit scoring, please contact us using one of the following methods:

For your information please us the link below to see the Credit Reference Agency Information Notice (CRAIN) whttp://www.experian.co.uk/crain/

Debt recovery and fraud prevention services
Before we provide services to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you. The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering and to verify your identity.

Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, and IP addresses. Together with fraud prevention agencies, we may enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

We process your personal data on the basis that we have a legitimate interest or is in the public interest, in preventing fraud and money laundering and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is a contractual requirement of the services or payment options you have requested.

Fraud prevention agencies can hold your personal data for different periods of time and, if you are considered to be a fraud or money laundering risk, your data can be held for up to six years.

Automated Decisions

As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision-making: if you want to know more please contact us using the details above.

Consequences of Processing

If we, or a fraud prevention agency determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services or financing to you. If you have any questions about this, please contact us on the details above.

Data Transfers

Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

Your Rights

Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.

For more information or to exercise your data protection rights, please contact us using the contact details above. You also have a right to complain to the Information Commissioner’s Office, which regulates the processing of personal data.

Transfers to countries outside the European Economic Area

Some of the information you provide to us may be transferred to our partners who may be based outside the European Economic Area (EEA). We undertake data security due diligence on our partners and ensure that that these partners conform to appropriate accreditations.

Wherever transfers of data to countries outside the EEA occurs, Leep will put in place an appropriate contractual provisions to ensure that there are strict rules regarding both the confidentiality and security of your information.

Keeping in touch with you

We want to keep you up to date with information about our services or improvements to our website. When you set your account up, we will ask you if you want to receive this type of information.

If you decide you do not want to receive this information you can request that we stop by:

Leep will not share your information with companies outside of Leep Utilities Limited and its subsidiary companies.

You may continue to receive mailings for a short period while your request is dealt with.

How long we keep your information

If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.

We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under How we use your information above. The only exceptions to this are where:

  • the law requires us to hold your personal information for a longer period, or delete it sooner;
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
  • we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
  • in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.

What are your rights

You are entitled to request the following from Leep, these are called your Data Subject Rights and there is more information on these on the Information Commissioners website www.ico.org.uk

  • Right of access – to request access to your personal information and information about how we process it
  • Right to rectification – to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
  • Right to erasure (also known as the Right to be Forgotten) – to have your personal information erased.
  • Right to restriction of processing – to restrict processing of your personal information
  • Right to data portability - to electronically move, copy or transfer your personal information in a standard form
  • Right to object - to object to processing of your personal information
  • Rights with regards to automated individual decision making, including profiling – rights relating to automated decision making, including profiling

If you have any general questions about your rights or want to exercise your rights please contact us using one of the following methods:

You have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live or where your legal rights have been infringed. The contact details for the Information Commissioner’s Office (ICO), the data protection regulator in the UK, are available on the ICO website www.ico.org.uk where your personal information has or is being used in a way that you believe does not comply with data, however, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.