Data privacy

We collect your personal data so that we can manage our relationships with you. Activities that we require personal data for include:

• Management of an electricity connection agreement
• Managing the safe, secure and reliable operation of the electricity distribution system
• Building, developing and managing the electricity network in Ireland
• Facilitating the reliable operation of the retail and wholesale electricity markets
• Adhering to the licence and regulatory obligations governing the operations of the electricity market

We ensure that the information we collect is appropriate to the purposes for which it is obtained.

We keep our computer systems, files and buildings secure by following legal requirements and international security guidance. We make sure that our staff, and anyone with access to personal data that we are responsible for, is trained on how to protect personal data. We ensure that our processes clearly identify the requirements for managing personal data and that they are up to date. We regularly audit our systems and processes to ensure that we remain compliant with our policies and legal obligations.

At ESBN, we recognise the importance of personal data entrusted to us. We may collect and hold a range of information about you. Examples of the types of information we may hold include:

• Information about you and your premises; this may include contact information and personal security information that you have provided to us to help us correctly identify you when you contact us
• Information about you, where you have electricity infrastructure on or near your land
• Information on current and past energy used (imported from the grid) and generated (exported to the grid) at your premises at daily and 30 minute, daily and monthly intervals depending on your meter type.
• Details about current and past connection agreements and their holders at your premises
• Information about work carried out at your premises in the past, or planned to take place in the future
• Information about your interactions with us, including where you may have reported a fault or emergency
• Information about any special requirements you may have disclosed where continuity of electricity supply is critically important
• Recordings of telephone conversations with you
• Information about work carried out at your premises in the past, or planned to take place in the future
• Information provided by you when you take part in customer surveys or market research
• CCTV or dash cam images or recordings captured for security and safety purposes
• Any other personal data relating to you that you provide to us or that we generate in connection with our relationship with you, including records of any consent you have given and your use of ESB Networks website(s)

When you use our website, our cookies collect information about the pages you look at on our website and how you use them, your device type, operating system and browser type.  (See “Our use of Cookies”, below) 

We collect most of this information directly from our interaction with you, when you contact us in writing, by telephone or electronically (by email, using our website or on social media). Some information is collected as a result of you using our services. We may also obtain information about you from external parties, such as electricity suppliers, flexibility service providers and contracted partners as part of the standard operations of the electricity market

Our websites use ‘cookies’ to help us provide users with a better experience each time they visit. A cookie is a small piece of text that is placed directly on a device when it is used to visit a website. This helps to give the user a better experience when using the website. The information gathered by the cookie stays on the user's device.

We use information gathered from cookies to help improve users experience on our website, for security and to personalise content and advertising. For example, cookies help us to identify that the device has visited our site before, allowing us to customise the experience based on previous browsing history. It also helps us to determine the most relevant information to show that user when they are browsing. Further information about the type of cookies that we use and their purpose is available in the Cookies Policy included below. 

We do not use cookies to gather any personal data for storage on our systems. The user can delete the cookie and the information that it gathers at any time using the settings in their Internet web browser.

Information collected by us will be held for as long as it is required to fulfil the purpose it was collected and to protect our business and our rights.  We are required to keep certain types of information for a specific period of time in order to comply with legal requirements.  The length of time we keep any part of your personal information will depend on the type of information and the purpose for which it was obtained.

We use personal data so that we can, in accordance with our connection agreements and our licence obligations, provide you with electricity services. We may use personal data in some of the following ways:

• Establishing and maintaining records associated with connections to the electricity network
• Monitoring electricity usage
• To conduct operations and carry out necessary works on your electricity meter
• Generating and sending invoices and collecting payment
• Discussing and responding to requests for information or general queries
• To support the operation of the competitive electricity market in Ireland
• To study electricity usage patterns and trends throughout the electricity network to help with investment and operational decisions
• To enable us to provide services to you such as our customer portal, flexibility services and digital identity verification
• To enable us to comply with any legal or regulatory requirements
• To protect or enforce our rights or the rights of any third party
• To facilitate the flow of electricity connection information between market participants
• In the detection and prevention of fraud and other crime
• For the purpose of safeguarding someone's vital interests
• Responding to requests from the courts and enforcements authorities
• Establishing and commissioning the Advanced Meter Infrastructure (AMI) to support operation of Retail Market Smart Services (including time of use tariffs)
• Operation of the Advanced Meter Infrastructure (AMI) to support operation of Retail Market Smart Services (including time of use tariffs)

We collect and process your personal information, in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, under the following legal bases:

• Performance of a contract, for instance when we manage your electricity connection;
• Compliance with a legal obligation, for instance when we are required to manage your electricity data or provide some information to public authorities;
• To perform a public task that has been delegated to us, for instance to manage the electricity distribution system network and to comply with the requirements of our licences;
• For our legitimate interests, such as when we contact you to participate in surveys or focus groups, or to defend against legal claims.

In order for us to carry out certain activities using your personal data, we may need to ask for your consent. When consent is being requested, we will provide options such as the choice of whether we may contact you by phone, post, email, text or through other digital media.

Where we require consent, we will explain why and provide sufficient information to allow you to make an informed decision.

When we receive consent to perform such activities, that consent may be withdrawn at any time by contacting us.

We may share your personal data with, or disclose your personal data to, the following categories of third party:

Electricity market participants: as the Distribution System Operator and the Meter Registration System Operator in Ireland, we are required by the Commission for Regulation of Utilities in Ireland (CRU) to make available, coordinate or provide information to electricity market participants to facilitate the operation of the Retail and Wholesale Electricity Markets. The data sharing requirements for this process is regulated by the CRU. Energy consumption data is only shared with electricity market participants where the customer has requested this to happen through their electricity supply company.

Third Party approved by you: were you ask us to transfer your data to another third party, such as solicitors or other representatives operating on your behalf, financial institutions for digital identity verification purposes.

Agents or suppliers: these are persons or companies we have contracts with to provide products or services that we use in conducting our business, including managing our relationship with our customers. These may include companies that: send communications to our customers, carry out meter reading, installation and maintenance services of our assets and carry out customer satisfaction and research surveys. 

Professional advisers: we may share or disclose personal data to professional advisers we may engage for any reasonable purpose in connection with our business, including assistance in protecting our rights

Other external bodies: in certain circumstances, we may be required by law to disclose personal data to external bodies, such as Health & Safety Authority (HSA), local authorities, government departments, Central Statistics Office, Revenue Commissioners, Data Protection Commission, Commission for Regulation of Utilities or An Garda Síochána.

In many cases, or suppliers or business partners will be within the European Economic Area (EEA) but in some cases they may be outside of the EEA. We will only share or disclose to these parties the information that they need in order to provide the products or services and will require those parties to ensure that the information is always adequately protected. Where personal data is transferred outside of the EEA, we ensure that all such transfers are made in accordance with data protection law and that your data it will be given an equivalent level of protection that it has when it is being managed in Ireland.

The collection and use of your data by ESBN is overseen by the ESB Group Data Protection Officer. If you wish to contact our Data Protection Officer, you can email dpo@esb.ie or via post at Data Protection Officer, ESB, ESB, 27 Fitzwilliam Street Lower, Dublin 2, D02 KT92.

Although ESB needs to capture, store and process your personal information in order to carry out a range of services, you have a range of rights available to you to give you confidence that your information is appropriately managed. Detailed information about your rights, when they apply and our responsibilities to you are available on our website.

The rights that you have available to you include:

Gaining access to and copies of your personal data: you are entitled to receive, on request and free of charge, a copy of all your personal data that we hold. There are some limitations to this right. For example, if the data also relates to another person and we do not have that person’s consent, or if the data is subject to legal privilege. Where there is data that we cannot disclose, we will explain this to you. To request a copy of your data, please email dpo@esb.ie or send a letter to the Data Protection Officer, ESB, 27 Fitzwilliam Street Lower, Dublin 2, D02 KT92 .

Ensuring that your data is accurate: our aim is to ensure that the data we hold about you is correct and up to date. From time to time we may contact you to verify the information that we hold. You may also contact us to correct any errors that you notice.

Granting or Removing consent: where we require your consent for any processing, for example, to provide you with direct marketing communications, we will clearly explain what the consent is for, and any consequences of giving or refusing consent, and will provide that consent can only be given by way of a positive action by you. We will also ensure that you are able to withdraw any such consent at any time.

Restricting processing of your data: you have the right to request us to restrict the processing of your personal data in certain circumstances, for example, if there is a dispute over our rights to carry out specific processing activities, or where you do not want us to delete data. We will respond promptly to your request and will provide an explanation if we cannot fully comply.

Deletion of your data: in certain circumstances, you may have the right to have some or all of your personal data deleted from our records. This is sometimes referred to as the “right to be forgotten”. This may occur if, for example, we retain data which is no longer required by us, or if you withdraw a consent. If you continue to have a relationship with us, we must retain the data we need to manage this relationship. We will respond promptly to your request, and provide reasons if we object to the deletion of any of your personal data.

Moving your data: where it is possible for us to provide it, you have the right to receive a digital copy of the personal data that you have provided to us.

If for any reason you have a complaint about our use of your personal information, or you are unhappy in any way with the information we provide to you, we would like you to contact us directly so that we can address your complaint. You can contact us using the contact details outlined above. You may also contact the Data Protection Commission in Ireland about such matters on 1890 252 231 by email at info@dataprotection.ie or by postal mail at Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28.

We will occasionally update this privacy notice. We will post a notice of any material changes on our website prior to implementing the changes, and, where appropriate, notify you using any of the contact details we hold for you for this purpose. We encourage you to periodically review this notice to be informed of how we use your information.