Privacy Notice

At EirGrid plc (EirGrid), we take our obligations under data protection law very seriously and we're committed to keeping your personal data private and secure.

This statement is designed to help you understand what personal data we hold, why we collect it, why it is required, what we do with it and how we protect it.  It also explains your rights in relation to how we hold and use your personal data, how to exercise those rights, and what to do if more information is required or a complaint is to be made.

This privacy notice applies to all personal data we hold, irrespective of any relationship with us, and explains the following:

EirGrid is a statutory company established pursuant to the European Communities (Internal Market in Electricity) Regulations 2000 (S.I. 445/2000) and the designated Transmission System Operator for Ireland.  Pursuant to the Electricity Act 1999 (as amended), EirGrid is licensed under a transmission system operator licence (“TSO Licence”) to carry out the role and functions of the Transmission System Operator.

In this privacy statement, the terms "we", "our", and "us" are used to refer to EirGrid. EirGrid is a “controller” under the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) in respect of any personal data you provide to us.

EirGrid is regulated in Ireland by the Commission for Regulation of Utilities (CRU).

What is Personal Data?

“Personal data” is any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier such as a user IP addresses or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The definition of personal data also includes special categories of personal data.

"Special categories of personal data" are any personal data that reveals a data subject’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; genetic data or biometric data and data concerning health or a data dubject’s sex life and sexual orientation.

Processing of special categories of personal data is prohibited except in certain circumstances.

Technical Data Collected

When you visit the EirGrid website, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our website. This non-personal data comprises information that cannot be used to identify or contact you, such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, browser types and other anonymous statistical data involving the use of our website.  We also collect certain information using cookies. Cookies are small text files that web servers can store on your computer's hard drive when you visit a website. They allow the server to recognise you when you revisit the website and to tailor your web browsing experience to your specific needs and interests. For more information on our use of cookies, please see our Cookies Policy.

What Personal Data Do We Use?

We use, or process, a number of different categories of personal data.

These personal data are largely grouped into two types:

Personal Data You Give Us:

This is information about you that you give us when engaging with EirGrid – for example, by filling in forms, responding to questionnaires or by corresponding with us by phone, face-to-face or by e-mail. It also applies to situations where you respond to a public consultation exercise or an information gathering exercise which relates to EirGrid's general business or responsibility for the safe, secure, efficient and reliable operation of the high voltage electricity Transmission System in Ireland.  The information that you give us may include some, or all of the following (depending on the circumstances):

We may record telephone calls you make to us for training or quality purposes.  Where you provide information about others, you must ensure that you have their consent or are otherwise entitled to provide this information to us.

Personal Data We Receive From Other Sources

This is information about you that we receive from other sources such as our business partners (e.g. ESB), or from publicly available sources such as (but not limited to) the Land Registry, death notices and electoral registers.  The information that that we receive from these sources will include some, or all of the following (depending on the circumstances):

The Purpose and Legal Basis for Collecting Your Personal Data

What Do We Use Personal Data For?

Our core business and central focus is the safe, secure, efficient and reliable operation of the high voltage electricity transmission system in Ireland. To this end we use information held about you in the following ways (as applicable):

What are Our Legal Bases for Processing Personal Data?

Data protection laws require that we have a legal basis in order to use your personal data in the manner described in this privacy statement.

We rely on the following legal bases in order to process your personal data:

The processing is necessary for the performance of a task carried out in the public interest or in the exercise of an official authority vested in EirGrid.

Pursuant to the TSO Licence and its legislative functions, EirGrid must operate, maintain and develop a safe secure and reliable electricity transmission system and in doing so is required to process the information about you referred to in this document.

You have given your consent to the processing of your personal data.

We may use your contact details to provide you with certain promotional information about our activities where you have provided your explicit consent for us to do so.  You may withdraw this consent at any time by asking us to stop sending you such promotional information.  Please note that withdrawing your consent will not affect the legality of any processing which took place prior to this withdrawal.

The processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract.

Where we enter into a contract with you (for whatever reason), we will need to process certain personal data about you in order to perform our obligations under that contract.

The processing is necessary for compliance with a legal obligation to which EirGrid is subject.

On occasion, we are under a legal obligation to process personal data.  This could be for the prevention of fraud, or in relation to a criminal investigation.

The processing is necessary for the purposes of EirGrid’s legitimate interests.

There may be circumstances, unless the interests and fundamental freedoms of a Data Subject override them, where EirGrid has a legitimate interest in further processing of personal data.  This could include the transfer of personal data between members of the EirGrid Group for internal administrative purposes.

The processing is necessary for the performance of a function conferred on EirGrid by statute.

Regarding Special Categories of personal data, we may sometimes be provided with certain medical information (for example from legal personal representatives) which relates to a Data Subject’s physical or mental capacity. We may need to process this information when carrying out EirGrid’s statutory functions of operating, maintaining and developing a safe secure and reliable electricity transmission system. We only use this information to allow us to ensure we deal with landowners and other stakeholders in an appropriate manner.

How We Store and Secure Personal Data

Any data we collect from you will be stored confidentially and securely with appropriate technical and organisational controls.  EirGrid are committed to ensuring all accesses to, uses of, and processing of EirGrid processed personal data is performed in a secure manner.

How Long is Personal Data Kept for?

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it was collected.  After that, we will delete it.  The retention period may vary depending on the purposes for which the information was collected.

Where a specific legal or regulatory requirement applies to your personal data, we will retain it for the period of time specified in such legal or regulatory requirement. In the absence of a specific legal or regulatory requirement we will retain your personal data for the applicable
statutory limitation period following the end of the matter to which it relates. We may be required to extend the retention period if the data is required in relation to a complaint, investigation, judicial review, claim or litigation.

Please also note that we are sometimes legally obliged to retain original legal documents, such as easements or title deeds, indefinitely.

Details of Third Parties with Whom We Share Personal Data

Whom Do We Share Personal Data With?

We may share your personal data with the EirGrid Group.  This means EirGrid plc, System Operator for Northern Ireland (also known as "SONI"), the Single Electricity Market Operator for the island of Ireland (also known as "SEMO"), EirGrid Interconnector DAC and EirGrid Telecoms DAC.

We will only disclose your personal data:

Transfers of Your Personal Data Outside the European Economic Area

The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (the "EEA"). The EEA includes all EU countries plus Iceland, Liechtenstein and Norway. One example of when we do this is when we use certain third-party cloud storage providers.

When we send personal data outside the EEA, we make sure suitable safeguards are in place (in accordance with European data protection requirements) to protect the data. In all cases these safeguards will be one of the following:

More information on these safeguards can be found on the European Commission's website.

Since the departure of the United Kingdom from the EU (“Brexit”), SONI, as a member organisation of the EirGrid Group based in Northern Ireland, is outside the EEA. This means that data, including personal data, held by the EirGrid Group is being transferred and stored outside the EEA on a regular basis, each time a member of the EirGrid Group transfers or stores personal data with SONI.

Following the European Commission’s adequacy decision of 28 June 2021, the United Kingdom’s data protection laws have been approved as “essentially equivalent” to those that exist in the EU. For this reason, the EirGrid Group can transfer personal data to and from SONI without any additional requirements.

If you have any queries in relation to the UK’s data protection laws or would like to know more about your rights or the complaints process in relation to data protection in the UK, you can visit the website of the Information Commissioner’s Office. Alternatively, you can contact their Northern Ireland office at:

The Information Commissioner’s Office – Northern Ireland
3rd Floor
14 Cromac Place,
Belfast
BT7 2JB

Right of Access: You have the right to request a copy of the Personal Data we are processing about you and to exercise that right easily and at reasonable intervals.

Consent: You have the right to withdraw your consent where that is the legal basis of processing.

Rectification: You have the right to have inaccuracies in Personal Data that we hold about you rectified.

Erasure: You have the right to have your Personal Data deleted where we no longer have any justification for retaining it subject to exemptions such as the use of pseudonymised data for scientific research.

Object: You have the right to object to processing your Personal Data if:

Restriction: You have the right to restrict the processing of your Personal Data if:

Portability: Where it is technically feasible you have the right to have a readily accessible machine readable copy of your data transferred or moved to another data controller where we are processing your data based on your consent and if that processing is carried out by automated means.

Contact: You may contact us using the details on our website (or by contacting our DPO directly – details below) to exercise any of these rights. Please address any questions, comments and requests regarding our data processing practices to our Data Protection Officer in the first instance. Our DPO can be contacted by writing to the Data Protection Officer, EirGrid plc, The Oval, 160 Shelbourne Road, Ballsbridge, Dublin 4, D04 FW28 or at DataProtection@EirGrid.com.

Finally, if you are not satisfied with the information we have provided to you in relation to the processing of your data or you can also make a complaint to the Data Protection Commission via the contact details below.
 

EirGrid may update this notice from time to time to ensure it is current and in line with best practice so please ensure you are considering the most up to date version of this notice.

Last updated: 14 October 2022