Image
Cyclist on top of mountain with sunset

Privacy notice

We, meaning National Energy System Operator (“NESO”) whose registered office is St Catherine's Lodge, Bearwood Road, Sindlesham, Nr Wokingham, Berkshire, RG41 5BN, are committed to respecting your privacy and complying with applicable data protection laws. 

As we are a Data Controller of your personal data, we have provided this Privacy Notice to help you understand what personal data we collect about you, what we use it for and on what basis, and your rights in relation to that personal data.

Please note that we are no longer part of the National Grid plc group – for more information on how National Grid plc and its group companies may process your personal data, we recommend you refer to the National Grid plc privacy notice. 

We collect personal data about you directly when you visit our website neso.energy and any other NESO website or portal, or when you otherwise communicate with us, for example by phone, email, social media channels, mail, or when you join a webinar or video call or visit one of our offices.

We may also collect your personal data automatically in certain circumstances, for example CCTV footage if you visit one of our offices or sites, or via cookies when you visit our website. For more details about NESO’s use of cookies see our cookie policy.

We may also collect personal data from public sources, for example from the Land Registry, or receive it from National Grid plc group companies, joint venture partners, or service providers contracted to carry out work on our behalf.

Data protection law requires us to have a legal basis for using your personal data. We rely on one or more of the following legal bases:

  • Contract. Where we need to perform the contract we are about to enter into or have entered into with you. If you fail to provide personal data to us in connection with a contract we are about to enter into or have entered into with you, this may prevent us from entering into that contract with your or from performing our contractual obligations toward you.
  • Legitimate interests. Where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure user experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless permitted under an alternative legal basis).
  • Legal obligation. Where it is necessary for compliance with a legal obligation that we are subject to. 
  • Consent. Where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter. Where we rely on your consent for processing, you are free to withdraw this consent at any time.
  • Public interest. Where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in NESO.
  • Vital interests.  Where the processing is necessary in order to protect your vital interests or those of another person.  This is generally only the case where we need to protect someone’s life and covers emergency situations and matters of life and death.

Where we need your consent to hold your personal data we will ask you separately to confirm your consent, either by a written statement or other ‘opt-in’ mechanism, such as ticking a box or clicking on a button. In each case we will inform you separately from this notice about why we are collecting the personal data, how we will use it, how long we will keep it, and how you can subsequently opt-out if you change your mind. 

You may have previously provided consent with respect to the use of your personal data to National Grid Electricity System Operator (ESO).  If you have any queries about our change in name and legal status please contact our Data Protection Officer.  You may withdraw your consent at any time.

The following sections explain the different ways we may use your personal data and our legal basis for doing so.  We may process Special Category Personal Data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data and biometric data where it is used for the purpose of uniquely identifying a natural person; data concerning health or data concerning a person’s sex life or sexual orientation) and data relating to criminal convictions or offences and have indicated below where this is the case.

Purposes   Legal Basis
Customer, Supplier, and Consumer Data
Customer, Supplier and Service Provider Data If you are a customer, supplier or service provider we may need to process certain data items, such as the names of key staff and their contact details in order to consider applications, proposals and tenders and in order to manage and fulfil any contractual obligations. In some instances, records relating to qualifications, certificates, training, professional licences and health and safety competency records may be collected in order to meet legal obligations.

Contract; Legal Obligation

 

Consumer/Meter data We may receive usage data associated with consumers' meters to help us analyse energy demand. This data is linked to Meter Point Assessment Numbers (MPANs), which are related to the energy supply at a property and not the energy account with a supplier. Energy suppliers will notify consumers about any data sharing with NESO. NESO utilizes this data for energy system planning and management purposes and does not utilize it to identify individual consumers. Public Task/Public Interest
Projects, Consultations and Assessments
Consultations Consultations are normally carried out by consent with individuals choosing to participate. Further information will be provided in the consultation information. Consent
Stakeholder and community engagement and assessments NESO may seek the views of stakeholders and members of communities when considering options and projects to assess the impact on the environment and communities. Public Task/Public Interest

Keeping You Informed About New Projects

 

If an electricity project is being proposed in your local area, we may invite you to sign up to receive information and updates on the project. If you provide your name and email address, we will use this, with your permission, to send you project updates. You may opt-out of receiving updates at any time: you will be informed of how to do so in each email we send you. Consent
Information Requests

Processing Subject Access Requests (SARs) and other data subject rights requests

 

If you submit a SAR we will perform a reasonable search of relevant systems and relevant hard copy data stores. We will hold copies of your request, along with copies of the personal data retrieved and disclosed to you (or, subject to the application of a valid exemption, withheld or redacted) as evidence of compliance. We may be required to share such information with the Information Commissioner's Office (ICO), for example to comply with an audit or investigation. Where we hold any Special Category Personal Data as such evidence we do so on the basis of establishing, exercising or defending legal claims. Similarly we will process your personal data to manage any other requests from you in relation to your data subject rights and will retain records of our actions and responses. We may need to request copies of ID in order to process your SAR or other data protection rights request. Legal Obligation
Responding to Requests made under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 NESO is required to collect your name and an address for correspondence for all FOI and EIR requests. We may be required to share personal data with the ICO, for example to comply with an audit or investigation. Legal Obligation

Information Request Notices

 

NESO has legal powers under the Energy Act 2023 to issue an Information Request Notice where we reasonably require information to undertake our functions. Further information about the requirements and how data will be managed will be provided as part of the Information Request Notice. Public Task/Public Interest
Queries and Complaints

Responding to general queries and complaints

 

If you contact us with a query or complaint about any of our activities, we will record the details of your request, and if we are unable to immediately resolve the matter, we will ask you to provide contact details of your choice - such as a telephone number, email, or postal address - which we will use to contact you with updates when we have investigated the matter further.  We may compile aggregated data for service improvement and reporting purposes, but will not identify individuals. Legitimate Interests

Voice Recording of Phone Calls

 

Your voice may be recorded when making calls to some company numbers, for example helpdesks and trading desks. You will be informed at the start of the call if the call is to be recorded. We use these recordings to monitor compliance, conducting safety investigations, and for training purposes. Legitimate Interests
Employee Recruitment
Recruitment

In the event you have applied for a job at the NESO, we use the personal data you submit to consider and process your application, including shortlisting and interviews.

We collect and use the following items of personal data which are necessary in order to enter into and manage your contact of employment (or if you are a Contractor, in the context of your assignment) with us: job application form; home contact details; date of birth; CV and cover letter; education and past employment records; professional memberships and licences; interview notes and scoring; references and employment verification; job offer letter; acceptance letter; contract of employment; emergency contact details.

Expats only: In the event your work assignment requires you work for National Grid outside of the UK we will process the minimum personal data necessary to assist you and your family to relocate, including your passport details, salary and expense details, and names, age and gender of your children.  The types of personal data processed will depend on the requirements of the relevant national, regional and municipal authorities.

Contract
Right to work checks

We have an obligation under the Immigration, Asylum and Nationality Act 2006 to check that you have a right to work for us. Data items we use for this purpose include your date and place of birth; nationality; photograph; signature; and National Insurance Number.

If you were born outside the UK then, depending on your nationality and immigration status, we may also need to retain copies of additional documents, including your passport; national identity card; Registration Certificate or Document Certifying Permanent Residence or Permanent Residence Card issued to you by the Home Office; Biometric Residence Permit or Immigration Status Document; birth or adoption certificate or certificate of naturalisation as a British Citizen; Certificate of Application or Application Registration Card issued along with a Positive Verification Notice issued by the Home Office; online Right to Work check response document.

Special Category Personal Data such as biometric ID will be processed where it is necessary for employment purposes.

Legal Obligation
Pre-employment checks

Any employment offer will be contingent on the completion of pre-employment check which will require the use of your personal data and the collection of further personal data.  Prior to onboarding we will commence background checks on all employees, and require the employer of our contractors to do the same. The level of checks carried out will depend on your role and level of access to our sites, systems, and data, and involve ID verification; address verification; employment and/or education history verification.  They may also include basic criminal record check (unspent convictions only); and international fraud and sanctions check. These checks are carried out in the interest of protecting our assets, employees, contractors, services, and the public.

Special Category Personal Data such as biometric ID will be processed where it is necessary for employment purposes. Personal Data Relating to Criminal Convictions and Offences is processed where it is necessary to meet employment obligations or statutory purposes or where it is necessary as a protective function.

Legal Obligation or Contract
Sponsored migrants In addition to the Right to Work checks, if you are a sponsored migrant we also have an obligation under the Immigration Rules to process the following: a history of the your contact details (UK residential address, telephone number, mobile telephone number); a record of your absences from work; copies of your payslips and frequency of salary payments, showing the transfer of each payment into your bank account or onto a pre-paid card (for example, a FOREX card); details of your contract of employment, including start and end dates of the contract; details of the work that the you have been contracted to do; your hours and rate of pay; and copies of any qualifications you hold to confirm skill level, such as a degree certificate. Legal Obligation

Contacting you prior to commencement of your employment

 

Where you have agreed for us to do so, we use the personal contact details you provide (e.g., personal email address or mobile phone number) to provide you with information and links to assessments you need to complete – for example, completing a Driver Risk Assessment prior to start for roles that include a company car so that you are able to obtain and drive that car from day one, rather than having to wait until you are provided with a work email address to enable completion of that assessment. Contract
Accessibility Requirements and Reasonable Adjustments You may provide us with information about reasonable adjustments you require under the Equality Act 2010. We will process the personal data to comply with our legal obligations. Where the data includes Special Category Personal Data we will process this to meet our legal obligations as an employer and in the substantial public interest. Legal
Onboarding

If your application is successful and you accept a job offer we will use personal data from your application to prepare for you joining NESO. We will collect further personal data from you at this stage, e.g. bank account details for our payroll.

We will also add personal data from your application to your staff records. There is a separate Privacy Notice for employees.

Contract
Information about employee dependents and emergency contacts
Employee emergency contacts We collect names and contact details of emergency contacts for our employees which are securely stored in our employee files and will only be used in emergency situations. 

Legitimate Interests;

Vital Interests

Conflicts of Interests/shareholdings

We ask employees to declare any conflicts of interests, including shareholdings in the energy sector that may give rise to a conflict of interest.  This may include information about their close family members. This is to meet the conditions of our licence which require the independence of NESO.

Processing of personal data related to shareholdings is necessary for us to perform our public task as an independent system operator in the public interest and is required by our licence conditions. This extends to a requirement to ensure the impartiality and integrity of the actions of individual employees. Personal data will be collected and processed in order to ensure compliance with these requirements and as the basis for assurance and compliance reports. Personal data may also be used to support investigations where NESO believes a breach of this policy may have occurred. This personal data will not be shared outside the organisation unless there is a legal, audit, or law enforcement requirement to do so.

Public task/Public Interest
Participation in events, forums, meetings, and visits to our sites

Workgroup and Committee Meetings

 

Where you are a member of a committee or workgroup that supports our licensed activities, we will process your name and contact details for correspondence, and information about your attendance at meetings. Agendas, minutes, and action records may also identify you. Public Task/Public Interest

Events and Forums

 

If you register for an in-person or online event or to attend one of our forums, we will process your data to take your booking, administer ticketing and to manage attendance at the event or forum.  Contract

Site Safety and Security

 

When you visit one of our sites you will be asked to provide your name and contact details in order to be issued a visitor access card. These cards record the dates and times you enter and leave a particular site or part of a site. If you have requested a parking space on one of our sites, we will also record your vehicle registration number.

We use CCTV cameras to monitor the interior of, entrances to, and perimeter of our sites to enable us to respond to security incidents. Footage from some cameras is monitored remotely in real time to facilitate responses to security or safety incidents. All cameras – monitored or otherwise – will store recordings of the footage, which may be reviewed at a later date and used as part of a security or safety incident investigation. If the footage captures evidence of an offence being committed, we will share this with the police.

CCTV is also used on some of our sites to monitor the opening and closing of automated or remotely operated gates or barriers to ensure you are not trapped or injured.

All of these measures are in the interest of your safety and wellbeing as well as necessary for the security of our sites, facilities and employees.

At our Warwick office, the data controller for site information is National Grid plc. 

Legitimate Interests
Accessibility requirements and reasonable adjustments When you attend an in-person or online meeting or event you may provide us with information about reasonable adjustments you require under the Equality Act 2010. We will process the personal data to comply with our legal obligations. Where the data includes Special Category Personal Data we will process this to meet our legal obligations. Legal
Dietary Requirements When you attend an in-person meeting or event which involves catering you may choose to inform us of your dietary requirements. This may include Special Category Personal Data relating to your health. We will only use this personal data with your explicit consent for the purpose of managing the event. Consent
Photos, video and audio recordings Video, audio and photographs of you taken at one of our sites or public events, may be used in our marketing and publicity materials such as our website, hard copy publications and social media channels. We will provide opt-out opportunities and in some circumstances will ask for your specific and explicit consent.

Legitimate Interests or

Consent

Website use and Communications

Website, Platforms, Portals and Subscriptions Accounts

 

When you register as a user for specific platforms and portals, we will set out the purposes for which we collect and process your personal data for that site.   

By registering for an account on our website, you have access to a personal dashboard. Here, you can manage subscriptions to data portal updates, and other personalised information.

Some additional personal data will be requested for accounts and access to platforms in order that we can verify account details and manage your account. In some cases additional security such as Multi-Factor Authentication (MFA) may be required in order to protect access to our systems and services.

Accounts that are not verified successfully will be deleted within seven days of creation. Accounts that are inactive for a period of one year will be deleted.

See also our cookie policy.

Contract

Email notifications

 

Some areas of our NESO website invite you to sign up to receive emails containing information that you may find useful. If you sign up to receive such emails, we will send them to the nominated email address you provide. If you decide that you no longer wish to receive these emails you may unsubscribe at any time via our ‘unsubscribe’ links.

You can sign up via the NESO website to receive email updates on live datasets on the Data Portal too. If you decide that you no longer wish to receive these emails, you may unsubscribe at any time via your NESO Account.

Consent

SMS notifications

 

If you subscribe to receive SMS notifications via the NESO website, and you provide us with your telephone number, you will receive service SMS notifications when a live dataset on the Data Portal is updated. If you decide that you no longer wish to receive these notifications, you may unsubscribe at any time via your NESO Account. You will not receive any SMS notifications for marketing purposes. Consent
Cookies and website analytics When you interact with our website we use cookies to improve your experience while you navigate through the site.  The cookies that are categorised as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third party cookies that help us analyse and understand how you use our websites, to store user preferences and to provide content, communications and functionality that are more relevant to you. These cookies will only be stored on your browser with your consent. You may opt out of these cookies, but opting out may have an effect on your NESO digital experience.  For more information see our cookie policy. We analyse your digital experience with NESO in order to improve it for you and other users, e.g. new feature development, functionality and content improvements, personalisation. Consent
Equality, Diversity and Inclusivity

Equality, Diversity, and Inclusivity Monitoring Information 

 

Where you provide us with e process details relating to your ethnicity, racial origin and religious beliefs to ensure equal opportunities in our recruitment processes,  in order to ensure that we are involving and considering the needs and views of people of different backgrounds and with different requirements in our engagement and activities, and to monitor compliance with equal opportunities legislation. This information is Special Category Personal Data which we process for reasons of substantial public interest. We may publish anonymised summaries of results but will not publish information about an individual or that could be used to identify an individual. Legal

Most of the personal data that we hold is collected directly from you as the data subject but other sources of personal data include:

  • National Grid plc in relation to safety and security on site at the Warwick office.
  • Other organisations within the energy sector, including energy suppliers.
  • Publicly available sources of information.
  • NESO employees in the case of emergency contacts and information about family members.

In the case of employee recruitment activities:

  • Education and training providers to verify your qualifications and competencies.
  • Previous employers to obtain references to assess your suitability for the role as part of the recruitment process.
  • Occupational health service providers to assess your fitness to work or perform particular tasks, or any adjustments we need to make to the workplace to enable you to do so.
  • External background checking providers and the Disclosure and Barring Service to carry out pre-employment checks for any convictions, cautions, reprimands or other warnings you may have received.

Your personal data may be shared with the following parties:

  • Contractors working on our behalf of or in partnership with NESO.
  • External suppliers and service providers who perform functions on our behalf under contract, or support our systems, operations and/or processes. These include External Affairs Agencies collecting consultation feedback in relation to planning applications; Land Agents negotiating wayleave and easement agreements and processing damage claims and compensation payments.
  • National Grid plc in relation to the management of the site at the Warwick office.
  • Consultation feedback obtained during the planning application process will be shared with the Secretary of State, Examining Authority, and members of the public who request access.
  • We may also be required to share your personal data with law enforcement or other regulatory bodies who request access to information about you for the prevention and detection of crime and the apprehension or prosecution of offenders or where we need to report an incident or concern.
  • We may have to share personal data with government bodies and agencies to meet our legal and regulatory obligations. This includes the Department for Energy Security and Net Zero (DESNZ) which owns NESO and Ofgem, the independent regulator for the energy sector. 
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.

Where we use another organisation to process your personal data on our behalf we have contracts and strict controls in place to make sure it is properly protected.  We only share personal data where there is a lawful basis to do so.

Your personal data may be transferred and stored in countries outside the UK. We will always take steps to ensure that any international transfer of personal data is carefully managed to protect your rights and interests in accordance with applicable data protection law, in particular we will either:

  • only transfer your personal data to countries which are recognised as providing an adequate level of legal protection under UK data protection law; or
  • ensure that transfers outside the UK are subject to additional safeguards required by UK data protection law, for example, the standard contractual terms approved for us in the UK (such as the International Data Transfer Agreement or The International Data Transfer Addendum to the European Commission's standard contractual clauses for international data transfers).

You have the right to ask us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) as mentioned above. Contact us as if you would like further information or to request a copy where the safeguard is documented (which may be redacted to ensure confidentiality). 

Retention periods will vary depending on the purpose for which we hold your personal data, but it will only be kept for as long as necessary in relation to the purpose for which it was collected.

  • Consultation feedback obtained as part of the planning application process will be kept for the life of the particular asset (if constructed); otherwise for seven years from the date the Decision Notice is issued.
  • Deeds of Grant of Easement are retained for as long as we maintain interest in the land in question.
  • Wayleave agreements will be retained for the term specified in the agreement, or until you cease to own / occupy the land in question.
  • Details of damage claims and compensation payments for seven years from the date of settlement.
  • Customer enquiries and complaints correspondence is kept for six years.
  • Health, Safety and Competency Records are kept for six years.
  • Customer, Supplier and Service Provider Data is kept for six years.
  • Visitor logs are kept for three years.
  • CCTV footage is generally kept for 30 days before being overwritten, but if required for an incident investigation may be extracted from the system and kept for as long as necessary in relation to that investigation.
  • Subject Access Request data is kept for three years.
  • Email addresses used to provide project updates/ system notifications are kept either for the duration of the particular project, or until you unsubscribe – whichever is earliest.

Your rights are outlined below:

  • The right to request access to the personal data we hold about you, as well as a description of why we have that information, any recipients of your personal data and where we obtained the information from (known as a Subject Access Request (SAR), as referred to above).
  • The right to request correction of your personal data. If the personal data we hold about you is out of date, incomplete or incorrect, you can inform us and ask us to correct or update it. 
  • The right to request erasure of your personal data. If you feel we should no longer be using your personal data you can request that we erase the data that we hold. Upon receiving a request for erasure we will confirm whether it has been deleted or a reason why it cannot be deleted (for example because we have a legal obligation to keep the personal data).
  • The right to object to processing of your data where we are relying on a legitimate interest to process that data. You may request that we stop processing your personal data. Upon receiving your request we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your personal data. Even after you exercise your right to object, we may continue to hold your personal data to comply with your other rights or bring or defend legal claims.
  • The absolute right to object to the processing of your personal data for direct marketing purposes. 
  • The right to request the transfer of your personal data to a third party. You have the right to request that we transfer your personal data to another controller. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • The right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • The right to withdraw consent at any time where we are relying on consent to process your personal data.

To exercise your rights please contact the Data Protection Officer (contact details below). 

We may be required to verify your identity for security purposes. We will comply with your request where it is feasible to do so, within one month of receiving your request. There are no fees or charges for the first request.  However additional requests for the same data may be subject to an administrative fee to cover our costs.

Data Protection Officer contact details

By email:

[email protected] 

Or by writing to:

Information Rights and Data Protection Officer

Legal and Regulation
Faraday House
Warwick Technology Park
Gallows Hill
Warwick
CV34 6DA

At NESO we aim to ensure all personal data collection and use is carried out fairly and lawfully, whilst implementing robust measures to keep your personal data secure. If you are not satisfied with the information provided in this notice, please contact the Data Protection Officer in the first instance so we can resolve your queries or provide you with any additional information required (contact details below).

Alternatively, it is your right to contact Information Commissioner's Office and lodge a complaint. The Information Commissioner is the regulator for UK GDPR.

The Information Commissioner's Office (ICO) has a website with information and guidance for members of the public: https://ico.org.uk/for-the-public/

The Information Commissioner's Office operates a telephone helpline, live chat facility and email enquiry service.  You can also report concerns online. For more information please see the contact page of their website: https://ico.org.uk/global/contact-us/

Data Protection Officer contact details

By email:

[email protected] 

Or by writing to:

Information Rights and Data Protection Officer

Legal and Regulation
Faraday House
Warwick Technology Park
Gallows Hill
Warwick
CV34 6DA