SONI Privacy Statement

Privacy Statement

Overview

At SONI Limited (“SONI”), we take our obligations under data protection law very seriously and we're committed to keeping your Personal Data private and secure. This privacy statement is designed to help you understand:

what Personal Data we hold;
why we collect it,
what we do with it; and
how we protect it.

It also explains your rights in relation to how we hold and use your Personal Data, how to exercise those rights, and what to do if you need more information, or wish to make a complaint.

This privacy statement applies to all Personal Data we hold, irrespective of any relationship the owner of that Personal Data has with us.

We respect your right to privacy. If you have any questions about how we use your Personal Data, you can write to:

Data Protection Officer

SONI Ltd

Castlereagh House

12 Manse Road, Belfast

BT6 9RT

Alternatively, you can send us an email at DataProtection@soni.ltd.uk.

About SONI

SONI, part of the EirGrid Group since 2009, is the electricity system operator for Northern Ireland: We are responsible for the consistent and reliable transmission of electricity on our high-voltage grid, matching supply and demand for power across Northern Ireland, every second of every day.

In this privacy statement, the terms "we", "our", and "us" are used to refer to SONI. SONI is a “Controller” under the UK General Data Protection Regulation (((EU) 2016/679) (“UKGDPR”), as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019) in respect of any Personal Data you provide to us.

SONI is regulated in Northern Ireland by the Utility Regulator Northern Ireland.

What is Personal Data?

“Personal Data” is any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier such as a user IP addresses or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The definition of Personal Data also includes Special Categories of Personal Data.

"Special Categories of Personal Data" are any Personal Data that reveals a Data Subject’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; genetic data or biometric data and data concerning health or a Data Subject’s sex life and sexual orientation.

Processing of Special Categories of Personal Data is prohibited except in certain circumstances.

Technical data collected

When you visit the SONI website, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our website. This non-personal data comprises information that cannot be used to identify or contact you, such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, browser types and other anonymous statistical data involving the use of our website. We also collect certain information using cookies. Cookies are small text files that web servers can store on your computer's hard drive when you visit a website. They allow the server to recognise you when you revisit the website and to tailor your web browsing experience to your specific needs and interests.
For more information on our use of cookies, please see our Cookies Policy.

What Personal Data do we use?

We use, or process, a number of different categories of Personal
Data. These Personal Data are largely grouped into two types:

Personal Data you give us:

This is information about you that you give us when engaging with SONI – for example, by filling in forms, responding to questionnaires or by corresponding with us by phone, face-to-face or by e-mail. It also applies to situations where you respond to a public consultation exercise or an information gathering exercise which relates to SONI's general business or responsibility for the safe, secure, efficient and reliable operation of the high voltage electricity Transmission System in Northern Ireland. The information that you give us may include some or all of the following (depending on the circumstances):

your name, date of birth, contact details;
current and previous address, occupation,
nationality, citizenship, photo or other I.D. confirmation;
your property ownership status and information about your property where you have transmission infrastructure on or near your property;
medical data (as it relates to your capacity);
your views and feedback on SONI’s business or
role as the electricity transmission system operator;
records of any consents you have given; and
your use of the SONI website.

We may record telephone calls you
make to us for training or quality purposes. Where you provide information
about others, you must ensure that you have their consent or are otherwise
entitled to provide this information to us.
Personal Data we receive from other sources

This is information about you that we receive from other sources such as our business partners (e.g. N.I.E.N.), or from publicly available sources such as (but not limited to) the Land Registry, death notices and electoral registers. The information that that we receive from these sources will include some or all of the following (depending on the circumstances):
your name, date of birth, contact details;
current and previous address, occupation, nationality, citizenship, photo or other I.D. confirmation;
medical data (as it relates to your capacity);
your property ownership status and information about your property where you have transmission infrastructure on or near your property; and
your views and feedback on SONI’s business or role as the electricity transmission system operator.

What do we use Personal Data for?

Our core business and central focus is the safe, secure, efficient and reliable operation of the high voltage electricity Transmission System in Northern Ireland. To this end we use information held about you in the following ways (as applicable):
establishing and maintaining records associated with connections to the electricity Transmission System;
to ensure we are engaging with the correct landowner/home owner/stakeholder;
to keep you informed about our activities including the operation of the high voltage electricity Transmission System in Northern Ireland;
to analyse, assess, maintain, improve and develop the grid infrastructure;
to verify the accuracy of the Personal Data you have provided to us;
management of an electricity connection agreement;
managing the safe, secure and reliable operation of the electricity Transmission System;
planning and developing the electricity Transmission System;
facilitating the reliable operation of the wholesale electricity markets;
to meet our obligations to our regulators; and
to deal with your enquiries and requests (e.g. complaints handling).

What are our legal bases for processing Personal Data?

Data protection laws require that we have a legal basis in order to use your Personal Data in the manner described in this privacy statement. We rely on the following legal bases in order to process your Personal

Data:

The processing is necessary for the performance of a task carried out in the public interest or in the exercise of an official authority vested in SONI.

Pursuant to SONI’s transmission system operator licence and its legislative functions, SONI must operate, maintain and develop a safe secure and reliable electricity transmission system and in doing so is required to process the information about you referred to in this document.

You have given your consent to the processing
of your Personal Data

We may use your contact details to provide you with certain promotional information about our activities where you have provided your explicit consent for us to do so. You may withdraw this consent at any time by asking us to stop sending you such promotional information. Please note that withdrawing your consent will not affect the legality of any processing which took place prior to this withdrawal.

The processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract

Where we enter into a contract with you (for whatever reason), we will need to process certain Personal Data about you in order to perform our obligations under that contract.

The processing is necessary for compliance with a legal obligation to which SONI is subject

On occasion, we are under a legal obligation to process Personal Data. This could be for the prevention of fraud, or in relation to a criminal investigation,

The processing is necessary for the purposes of SONI’s legitimate interests

There may be circumstances, unless the interests and fundamental freedoms of a Data Subject override them, where SONI has a legitimate interest in further processing of Personal Data.This could include the transfer of Personal Data between members of the EirGrid Group for internal administrative purposes.

The processing is necessary for the performance of a function conferred on SONI by statute

Regarding Special Categories of Personal Data, we may sometimes be provided with certain medical information (for example from legal personal representatives) which relates to a Data Subject’s physical or mental capacity. We may need to process this information when carrying out SONI’s statutory functions of operating, maintaining and developing a safe secure and reliable electricity transmission system. We only use this information to allow us to ensure we deal with landowners and other stakeholders in an appropriate manner.

Who do we share Personal Data with?

We may share your Personal Data with the EirGrid Group. This means EirGrid plc, the Single Electricity Market Operator for the island of Ireland (also known as "SEMO"), EirGrid Interconnector DAC and EirGrid Telecoms DAC.

We will only disclose your Personal Data:

to business partners (e.g. N.I.E.N.), service providers, consultants, advisers, suppliers and sub-contractors where necessary for the performance of any contract we enter into with them;
to third party suppliers and service providers to the extent they assist us with our legal / regulatory obligations or our business operations;
to our regulators for the purposes of complying with our operating licence;
to law enforcement agencies, our legal advisors, the courts and any other authorised bodies, for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters, etc.
in the event that we consider selling or buying any business or assets, in which case we may disclose your Personal Data to any prospective sellers or buyers of such business or assets;
in the event of any insolvency or the winding up (e.g. the administration or liquidation) of any member of the EirGrid Group, including SONI;
if we (or substantially all of our assets) are acquired by a third party, or if our functions or powers (or substantially all of them) are transferred to a third party, in which case Personal Data we hold may be transferred to such third party;
to protect the rights, property, or safety of us, our staff, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of staff and customer safety, and crime prevention; or
if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.

Transfers of your Personal Data to the European Economic
Area

The Personal Data that we collect from you may be transferred to, and stored at, destinations inside and outside the European Economic Area (the "EEA"). The EEA includes all EU countries plus Iceland, Liechtenstein and Norway. One example of when we do this is when we use certain third-party cloud storage providers.

When we send Personal Data outside the EEA, we make sure suitable safeguards are in place (in accordance with UK data protection requirements) to protect the data. In all cases these safeguards will be one of the following:

Only sending the data to a country that has been approved by the UK authorities as having a suitably high standard of data protection laws. These countries are set out in the UK’s “adequacy regulations”, and a full list can be found on the Information Commissioner’s Office here.
Putting in place a contract with the recipient containing terms approved by the UK authorities as providing a suitable level of protection.
only sending the data to an organisation which is a member of a scheme that has been approved by the UK authorities as providing a suitable level of protection.

More information on these safeguards can be found here.

Since the departure of the United Kingdom from the EU (“Brexit”), SONI, as a member organisation of the EirGrid Group based in Northern Ireland, is outside the EEA. This means that data, including Personal Data, held by the EirGrid Group is being transferred and stored inside the EEA on a regular basis, each time SONI transfers or stores Personal Data with another member of the EirGrid Group.

Following the European Commission’s adequacy decision of 28 June 2021, the United Kingdom’s data protection laws have been approved as “essentially equivalent” to those that exist in the EU. Likewise, the UK has put in place “adequacy regulations” which recognise the protection for individuals’ rights and freedoms in relation to their Personal Data that exist in the EEA. For this reason, SONI can transfer Personal Data to and from the other members of the EirGrid Group without any additional requirements.

If you have any queries in relation to data protection laws in Ireland, where the remainder of the EirGrid Group is based, or if you would like to know more about your rights or the complaints process in relation to data protection in Ireland, you can visit the website of the Data Protection Commissioner. Alternatively, you can contact their office at:

Data Protection Commissioner

Canal House

Station Road

Portarlington

Co Laois

R32 AP23

How long is Personal Data kept for?

We will only retain your Personal Data for as long as is necessary to fulfil the purposes for which it was collected. After that, we will delete it. The retention period may vary depending on the purposes for which the information was collected.

Where a specific legal or regulatory requirement applies to your Personal Data, we will retain it for the period of time specified in such legal or regulatory requirement. In the absence of a specific legal or regulatory requirement we will retain your Personal Data for the applicable statutory limitation period following the end of the matter to which it relates. We may be required to extend the retention period if the data is required in relation to a complaint, investigation, judicial review, claim or litigation.

Please also note that we are sometimes legally obliged to retain original legal documents, such as easements or title deeds, indefinitely.

Your rights

You have several rights under data protection law in relation to the way we process your personal data. These rights comprise the right to:

access Personal Data held by us about you;
require us to rectify any inaccurate Personal Data held by us about you;
require us to erase Personal Data held by us about you;
restrict our processing of Personal Data held by us about you;
receive a copy of your Personal Data in a structured, commonly used and machine readable format, and you also have the right to require us to transferthis Personal Data to another organisation, at your request (known as the "right of portability");
object to our processing of Personal Data held by us about you; and
withdraw your consent, where we are relying on it to process your Personal Data.

These rights are subject to certain restrictions provided for in data protection legislation. For example:

The right of portability will only apply to the extent that we process your Personal Data on the basis of your consent or on the basis of a contract, and where we process it by automated means.
The right to restrict our processing of Personal Data held by us about you will only apply where (for example):
- you dispute the accuracy of the personal data held by us; or
- where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or
- where we no longer need the personal data to achieve the purpose for which it was collected, but you require the data for the purposes of dealing with legal claims.

You may contact us using the details on our website (or by contacting our DPO directly – details below) to exercise any of these rights. Please address any questions, comments and requests regarding our data processing practices to our Data Protection Officer in the first instance. Our DPO can be contacted by writing to the Data Protection Officer, SONI Ltd. Castlereagh House, 12 Manse Road, Belfast, BT6 9RT or you can email DataProtection@soni.ltd.uk.

Information Commissioner’s Office

If you have any concerns regarding our processing of your Personal Data, or are not satisfied with our handling of any request by you in relation to your rights, you also have the right to make a complaint to the Information Commissioner's Office – Northern Ireland. The Commissioner’s contact details are:

Telephone: +44 28 9027 8757 OR 0303 123 1114

E-mail: ni@ico.org.uk

Postal Address:

The Information Commissioner’s Office – Northern Ireland

3rd Floor

14 Cromac Place

Belfast

BT7 2JB

Changes to our privacy statement

We may update this privacy statement from time to time. Any changes we may make in the future will be posted on this page of our website and, where appropriate, we will endeavour to bring the changes to your attention by other means.

Last updated 8^th August 2022