Delivering what we promise

Privacy Policy

Who We Are

Morrison Data Services is the UK’s leading utility data services business, differentiated by the scale and capability of its national workforce. This provides regulatory assurance and innovative solutions to energy and water retailers in rapidly changing markets.

GDPR Lawful Basis
A key GDPR stipulation is that Controllers and Suppliers must assign a lawful basis for their processing activities. Morrison Data Services has identified a 'legitimate interest' for when processing information from energy suppliers.

This is based on the regulatory need to:

  • Record meter reads for both customer billing and industry settlement, and;

  • For carrying out safety inspections

in line with our clients supply license obligation for both gas and electricity.

What data do we collect?

In order to deliver the services that we do, we need to collect personal data. Depending on which of our services you use, we may need to collect:

  • Name, address and contact details such as telephone number and email address
  • Bank details, only where required
  • Any special access requests that could affect any site visits that are made
  • Technical details about utility meters
  • Utility consumption data

How we collect data

Your data will either be provided to us by:

  • You, when initiating a contractual relationship with us
  • Third parties that you have contracts with where we have been appointed with carrying out the work
  • Collecting data while carrying out work as part of existing contracts (e.g. collecting contact details to arrange a site visit)

What data do we collect and how we use it?

We may use your information to:

  • Collect meter readings and consumption data
  • Carry out work identified by energy suppliers, e.g. install, remove or exchange meters
  • Identify where consumers have special access requests which need to be catered for
  • Carry out security, locks, debt, roll shutters and aerial fitting as part of our ProtectMyProperty work
  • Take payment for ProtectMyProperty work
  • Make and receive contractual payments with our suppliers
  • Process customer-supplied data in relation to the services that we provide

How we secure data

We implement a set of strict information security policies and procedures to protect your data both in transit and at rest. These include:

  • All data communications are secured ensuring that all the data we send or receive is protected.
  • All data is stored in our highly secure databases within our UK datacentres.
  • We implement strict security controls around accessing the data implementing the principle of least privilege.

Third parties

As part of our day to day operations we may need to pass your personal data to our third party suppliers. This is only done to support the contract that we have with you. Your data will not be used for any other purpose without your express consent.

Your data will not be used by our third party suppliers for marketing purposes.

Your rights

Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.

If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.

You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data.

Subject Access Request

If you do exercise your right to raise a subject access request we have put processes in place that will tell you:

  • whether or not your data is processed and if so why, the categories of personal data concerned and the source of the data if it is not collected directly from you
  • to whom your data is or may be disclosed, including to recipients located outside the European Economic Area (EEA) and the safeguards that apply to such transfers
  • for how long your personal data is stored (or how that period is decided)
  • your rights to rectification or erasure of data, or to restrict or object to processing
  • your right to complain to the Information Commissioner if you think Morrison Data Services has failed to comply with your data protection rights
  • whether or not Morrison Data Service carries out automated decision-making and if so, the logic involved in any such decision-making

Breach

If Morrison Data Services discovers that there has been a breach of personal data that poses a risk to an individual’s rights and freedoms, we will report it to the Information Commissioner within the guidelines as set out within the GDPR. The organisation will record all data breaches regardless of their effect.

If the breach is likely to result in a high risk to the rights and freedoms of individuals, it will tell affected individuals that there has been a breach and provide them with information about its likely consequences and the mitigation measures it has taken.

Impact Assessments

Some of the processing that the Morrison Data Services carries out may result in risks to privacy. Where processing would result in a high risk to an individual's rights and freedoms, we will carry out a data protection impact assessment to determine the necessity and proportionality of processing and where appropriate, we will refer this information to the Information Commissioner as per the guidelines in the GDPR. This will include considering the purposes for which the activity is carried out, the risks for individuals and the measures that can be put in place to mitigate those risks.

Latest News

CO-OP ENERGY SELECTS MORRISON DATA SERVICES FOR DATA MANAGEMENT AND METER READING SERVICES AGREEMENT
£7M five-year contract covers England, Wales & Scotland Services to include non half hourly data collection, field data aggregation and...

View More