CRU Privacy Notice
This notice is being provided to you in line with our obligations under the General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018. From that date, the GDPR, together with applicable Irish requirements, amends existing data protection law and places enhanced accountability and transparency obligations on organisations when using your information. It also gives you greater control over your personal information.
Please take time to read this notice carefully. If you have any questions about how we use your information, please contact our Data Protection Officer at the details below.
This notice relates to the CRU privacy practices and policies. The CRU is not responsible for the content or privacy practices and policies of other websites. Any external links to other websites are clearly identifiable as such.
Who we are
The Commission for Regulation of Utilities (CRU) is Ireland’s independent energy and water regulator and has a wide range of economic, customer protection and safety responsibilities. The CRU is also the economic regulator of the Irish public water and wastewater sector.
The CRU acts as data controller in relation to information held about you for the purposes of data protection law i.e. the General Data Protection Regulation (GDPR) and any applicable Irish implementation.
Why we collect information about you
In order to carry out its functions, the CRU needs to collect and use personal information about the individuals who come into contact with us in areas such as;
- Complaint resolution (utility customers can contact CRU Customer Care to help resolve their complaints with suppliers or network operators);
- Information requests or queries;
- Public access to information under FOI / AIE / Data Protection legislation;
- CRU Consultation process where members of the public are invited to respond;
- Public procurement activities (tenderers, suppliers and service providers);
- Licencing activities (in processing applications for Licensing, Consents, Certifications & Registrations);
- Retail market monitoring and reporting activities;
- Conducting audits on energy suppliers;
- Energy Safety Supervisory Body (Safe Electric and RGII) activities (appeals, complaints, illegal activity; disciplinary investigations and enforcement; monitoring and inspection of Inspectors);
- Gas Safety Framework Incidents and Investigations and
- Protected Disclosures to CRU Commissioners.
This information is collected when you contact us with a query or request; through forms you complete, when you give us information verbally or in writing, when you visit the CRU offices and from the entities that we regulate or designate.
The information we process about you
|Categories of Personal Data||Types of Personal Data|
|Identity||Name, surname, title, and other identifying information provided by you (such as details left in voicemails)|
|Contact information||Home address, email address, phone number.|
|Energy or Water Customer details||Complaint Reference Number as assigned by Supplier or Network Operator, Account Number, MPRN / GPRN / WPRN, Nature of complaint and resolution steps.|
|Tenderer details||Staff CV details such as qualifications and experience, photos if provided in tender documents|
|Supplier details||Contact information, bank details, VAT details and tax clearance information|
|Stakeholder details||Contact information, role, meeting minutes / notes|
|Licence & Authorisation Applicant details||Contact information, Names of company directors, Person responsible for construction / Engineer.|
|Market data as shared by Utility Suppliers or Network Operators for the purposes of market monitoring, conducting supplier audits or CRU decision making
|Bulk energy retail market data regarding customer switching, renegotiations, prices, discount levels, disconnections, PAYG installations and debt flagging.
Energy customer MPRN / GPRN bulk meter details relating to disconnections.
Additional retail market data may be processed on a case by case basis in the context of conducting Energy Supplier Audits as required in the Energy Supplier Handbook.
Irish Water customer WPRN bulk meter details.
|Members of or applicants to Safe Electric (RECI) or RGII details (where a complaint or an appeal has been received)||Contact information, documents relating to educational and employment background including identification, professional qualifications, skills training undertaken and previous employment details|
|Unregistered gas installers and electrical contractors (where a complaint has been received)||Investigation files and enforcement actions, contact information, identification, statements in relation to alleged illegal gas and electrical works, employment background and professional qualifications|
|Safe Electric or RGII Inspectors details (where inspected or audited)||Name, contact information, registration number, employment background, professional qualifications|
|Personal details relating to Gas Safety Framework (GSF) Incidents & Investigations||Contact information, nature of incident, injury information, health status of victim, investigation report|
|Protected Disclosure details||Contact information, organisation, role|
|Other personal information||Telephone recordings (made to our out-sourced customer care provider); CCTV images at our offices; Information in relation to FOI / AIE / Data Protection requests.|
Please note: The CRU does not request or require personal data relating to your children, your health status, criminal convictions or any other special category / sensitive information in any of our public interactions, such as complaint resolution.
Why we use your information
We fully respect your right to privacy and will only collect or process your personal data, where required, for one or more of the following purposes (legal basis):
To comply with our legal obligations
- Resolving energy & water customer complaints with your energy supplier, network operator and Irish Water (As prescribed for under S.I. No. 463 of 2011 and the Water Services Acts 2013, 2014 & 2017).
- Providing you with information relating to the services provided by energy suppliers, network operators or Irish Water. (As prescribed for under S.I. No. 463 of 2011 and the Water Services Acts 2013, 2014 & 2017).
- Processing applications for a Licence to Generate Electricity or Authorisation to Construct or Reconstruct a Generating Station or Electricity Supply Licence (under the Electricity Regulation Act, 1999 Section 14 as amended); Natural Gas Shipping and Supply Licence (Under Section 16 of the Gas (Interim) (Regulation) Act 2002, as amended); Consents pursuant to Section 48 and Section 49 of the Electricity Regulation Act 1999; High Efficiency CHP Certification (as set out in SI 298, 299 and 499 of 2009); LPG Safety Licences (in accordance with section 9JE (3) of the Electricity Regulation Act 1999, as amended by the Energy (Miscellaneous Provisions) Act 2012); Network Licences under section 14 (1) of the Electricity Regulation Act 1999 & section 16 (1) of the Gas Act 2002; and REMIT (Regulation on Energy Market Integrity and Transparency) Registration (SI 480 of 2014).
- Retail energy market monitoring measures, in compliance with requirements stemming from the 3rd Package of European energy legislation which was transposed into Irish law by S.I. No. 450 of 2010 and S.I. No. 630 of 2011 (the S.I.s covering electricity and gas, respectively).
- Conducting audits on energy suppliers to ensure compliance with the Electricity and Gas Supplier Handbook (the Supplier Handbook), as a Code of Practice prescribed for in S.I. No. 463 of 2011.
- Conducting investigations to ensure compliance with the conditions of a licence issued under sections (1) (b), (g) or (h) of the Electricity Regulation Act 1999, or sections 16(1)(a) or (b) of the Gas (Interim) (Regulation) Act 2002.
- Conducting public hearings where the CRU is satisfied that sufficient grounds exist to warrant a public hearing (as prescribed under the Electricity Regulation Act, 1999 Section 20, as amended).
- Facilitating registration appeals, complaints and disciplinary relating to applicants to or members of Safe Electric and RGII Schemes and facilitating the sharing of information in relation to prosecutions against unregistered gas installers and electrical contractors. As prescribed for under Electricity Regulation Act 1999, as amended and the Criteria Document(s).
- Facilitating the monitoring and inspection of Safe Electric and RGII Inspectors (As prescribed for under Electricity Regulation Act 1999, as amended and the Criteria Document(s).
- Investigating natural gas or Liquefied Petroleum Gas (LPG) incidents to identify the cause and make recommendations on the prevention of future incidents as prescribed for by the Gas (Amendment) Act (Section 2) (Distribution) Order 2003 and Energy (Miscellaneous Provisions) Act 2012
- Establishing an Appeal Panel as defined in the Electricity Regulation Act 1999 as amended (revised and updated to 3 January 2018).
- Complying with your information rights.
- Preparing returns to relevant authorities including preparing income tax, PSWT, VAT3 and other revenue returns.
- Complying with binding requests from regulatory bodies, such as the Data Protection Commission and the Office of the Information Commissioner.
- Complying with court orders arising in civil or criminal proceedings.
- Facilitating the making of a Protected Disclosure to a Commissioner in the CRU as prescribed by The Protected Disclosures Act 2014.
To fulfil the terms of a contract
- Engaging service providers and suppliers and for the provision of and payment for goods and services.
- Filling vacant positions and for the engagement and payment of employees.
- Monitoring and recording the conversations when you speak on the telephone to our out-sourced customer contact provider (to analyse, assess and improve customer service experience and for quality and contract management purposes).
Performing a task carried out in the public interest
- Contacting you by post, phone and email.
- Facilitating public input and comment on CRU Consultations.
- Managing and responding to complaints about us.
Where you have given us permission (which you may withdraw at any time)
- Using special categories of data, or sensitive data.
When we ask for your consent, we will provide you with more information on how we will use your data in reliance on that consent.
To protect your vital interests
Occasionally it may be necessary for the CRU to process personal data in order to protect a vital interest of an individual.
To run our organisation on a day to day basis including to
- Contact stakeholders: Business contact information relating to stakeholders (personal information typically found on a business card used by you in the conduct of your employment) is processed for legitimate business-related purposes.
- Compile and process your information for audit, statistical, reporting or research purposes (including, in some instances, making your data anonymous) in order to help us understand utility markets trends and to provide information to assist our regulatory functions.
- Protect our business, reputation, resources and equipment and manage the CRU network systems, and information.
- Provide security and prevent and detect crime including using CCTV at our premises.
- Manage and administer our legal and compliance affairs.
The CRU will only process your personal data for the purposes for which they were originally collected and it will only be processed further for the following closely related business purposes:
- transferring the personal data to an archive;
- conducting internal audits or investigations;
- implementing business controls;
- conducting statistical analysis or research as required;
- preparing for or engaging in dispute resolution;
- using legal or business consulting services; or
- managing insurance issues.
How long we hold your information
The length of time we hold your data depends on a number of factors such as:
- The type of data we hold about you.
- Whether there is a legal obligation to hold the data for a minimum specified period.
- Whether there is a public interest basis to hold the data for a specified period.
- Where there is a sound evidence-based reason to hold the data for a specified period.
As a general rule, we keep your information for a specified period after the date on which your interaction with us has completed.
This is for 12 months in the case of general queries / information requests / contacts or the resolution of simple customer complaints to 24 months in the case of complex customer complaints. Consultation responses published on the CRU will remain there indefinitely.
When you contact us with a query or complaint, you may receive a phone call and/or email in relation to that contact. If you would prefer not to receive such communications, please let us know.
Processing your information outside the EEA
Your information is stored on secure systems within the CRU premises and with providers of secure information storage. We may transfer or allow the transfer of information about you with us to our service providers and other organisations outside the European Economic Area (EEA), but only if they agree to act solely on our instructions and protect your information to the same standard that applies in the EEA.
Exercising your information rights
You have several rights in relation to how we use your information. If you make your request electronically, we will, where possible, provide the relevant information electronically unless you ask us otherwise.
You have the right to:
- Find out if we use your information, to access your information and to receive copies of the information we have about you.
- Request that inaccurate information is corrected and incomplete information updated.
- Object to particular uses of your personal data which you believe is causing damage or distress and where the legal basis for our use of your data is the performance of a task in the public interest or our legitimate business interests or. However, doing so may have an impact on the services we can provide. If you wish to object to certain data processing operations, please state set out how the processing is causing you unwarranted and substantial damage and distress.
- Have your data deleted or its use restricted – you have a right to this under certain circumstances. For example, where you withdraw consent you gave us previously and there is no other legal basis for us to retain it, or where you object to our use of your personal information for particular legitimate business interests.
- Obtain a transferable copy of certain data to which can be transferred to another provider, known as “the right to data portability”. This right applies where personal information is being processed based on consent or for performance of a contract and the processing is carried out by automated means. You are not able to obtain through the data portability right all of the personal information that you can obtain through the right of access. The right also permits the transfer of data directly to another provider where technically feasible. Therefore, depending on the technology involved, we may not be able to receive personal data transferred to us and we will not be responsible for the accuracy of same.
- Withdraw consent at any time, where any processing is based on consent. If you withdraw your consent, it will not affect the lawfulness of processing based on your consent before its withdrawal.
To facilitate your request, when contacting us, please specify the reasons why the personal data are incorrect, incomplete or not lawfully processed. Please note that in certain circumstances the CRU may not be able to fulfil your request as we may be legally required to keep such data.
We are obliged to respond without undue delay. In most instances, we will respond within one calendar month. If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests), we may extend this period by a further two calendar months. Should this be necessary, we will explain the reasons why. If you make your request electronically, we will, where possible, provide the relevant information electronically unless you ask us otherwise. In order to respond in writing, please provide us with your full name and home address (including your Eircode).
You can assist us in responding to your request by including any additional details that would help to locate your information – such as; the type of personal data involved, your customer account or reference number or the circumstances in which the CRU obtained your personal data. The CRU has templates available which may be issued to you to assist in responding to your request. You may also be asked for evidence of your identity to make sure that personal information is not given to the wrong person.
You have the right to complain to the Data Protection Commission or another supervisory authority.
You can contact the the Data Protection Commission at https://www.dataprotection.ie/docs/Contact-us/b/11.html
|Telephone:||+353 (0)761 104 800 or Lo Call Number 1890 252 231|
|Fax:||+353 57 868 4757|
|Postal Address:||Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois R32 AP23 or 21 Fitzwilliam Square, Dublin 2, D02 RD28|
How to contact us and our Data Protection Officer
If you have any questions about this notice or your personal information in the CRU generally, including questions about accessing your personal information or correcting it, please contact our Data Protection Officer at;
|Telephone:||+353 (0)1 4000800|
|Postal Address:||The CRU, Grain House, The Exchange, Tallaght, Dublin 24, D24 PXW0, Ireland|
Changes to this notice
We will update this Privacy Notice from time to time. Any changes will be communicated to you and made available on this page and, where appropriate, notified to you by e-mail or when you contact the CRU again.
 RGII (Register of Gas Installers of Ireland); Safe Electric - RECI (Register of Electrical Contractors of Ireland).
 Electricity: MRSO (Meter Registration System Operator), ESBN (ESB Networks)
Gas: GPRO (Gas Point Registration Operator), GNI (Gas Networks Ireland)
Water: Irish Water
Electricity & Gas Suppliers: BE Energy, Bord Gáis Energy, Electric Ireland, Energia, Flogas, Go Energy, Just Energy, Panda Power, Pinergy, PrePayPower, SSE Airtricity, Vayu.
 As provided by GNI (Gas Networks Ireland) or Calor Teoranta or Flogas Ireland Limited depending on origin of incident