Data Protection (Jersey) Law 2018 and the Data Protection Authority (Jersey) Law 2018 seek to protect and enhance the rights of Jersey data subjects. These rights cover the safeguarding of personal identifiable data and protection against the unlawful processing of personal data.
CQS – Contractor Quality Scheme (Jersey)
Data Subjects – individuals who have shared personal data either directly with us or via a third party such as a Contractor;
The MCS Service Company Limited – is abbreviated to the MCS Service Company;
Other Persons – householders who have an installation, third party providers of services, partners who the MCS Service Company Limited and/or CQS work with and the Jersey Government;
The MCS Service Company is pleased to provide the following information:
The MCS Service Company (Limited) is incorporated under the Laws of England and Wales with company registration number 07759366 and is based at First Floor, Violet 3, Sci-Tech Daresbury, Keckwick Lane, Daresbury, WA4 4AB. Our registration number with the JOIC is: 100556.
The MCS Service Company’s primarily certifies microgeneration products used to produce electricity and heat from renewable sources.
CQS is managed by the MCS Service Company and is responsible for managing low-carbon technology installations on behalf of the Government of Jersey. CQS is also responsible for the independent compliance assessment of contractors installing low-carbon technologies.
WHAT DATA DO WE COLLECT?
Personal data comprises personal identifiable information (PID) about data subjects allowing them to be identified. It does not include data where their identity has been removed.
We collect, use, store and transfer different PID about data subjects which may include some or all of the following information:
(a) Your name
(b) Your email address and phone number
(c) Name of the company that you represent and your job title
(d) Your username, and password
(e) Technical data including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website (such as smartphones, notebooks and desktops)
(f) Information about how you use our website, including your traffic data
(g) Your correspondence and feedback to us
HOW DO WE COLLECT PERSONAL DATA?
We use different methods for the collection of Users’ data through:
Direct interactions. You may give us your identity, contact, company, user account and customer care data when you:
• Provide documents or information to us
• Fill in forms on our website
• Correspond with us by telephone, email or otherwise
• Complete surveys for research or statistical purposes needed by the Government of Jersey
We may also receive additional information about you from:
• Agencies engaged by us to verify the information you have provided and to prevent and detect fraud
• The Government of Jersey
• The Jersey Low-Carbon Heating Incentive Scheme
• A CQS contractor will share your contact details with us when they register your installation.
HOW WE USE PERSONAL DATA?
We will only use your personal data where data protection legislation allows, such as:
• Where we need to deliver services at your request and in accordance with specific terms and conditions; where it is necessary for our legitimate interests; where we need to comply with a legal or regulatory obligation.
Below we have listed many of the ways we use your personal data and the legal basis we rely on to do so.
To supply services you request, including the registration for the database, its usage and troubleshooting.
To charge for any services requested.
To carry out investigations in relation to compliance and complaints regarding our services, as well as site inspections and audits.
To prevent and detect criminal activities.
To complete a survey for purely research and statistical purposes.
To use data analytics to improve our services, customer relationships and experiences, providing data for the data dashboard and where applicable secure our website.
What we are requested to do, both contractually and by law.
LAWFUL BASIS FOR PROCESSING
Please note that we may process your PID for more than one lawful basis depending on the specific purposes for which we are using your personal data.
1 – Vital interests
To provide information where we believe it is in the vital interest of those with installations and/or contractors to receive it, such as health and safety warnings, servicing information etc.
2 – Contractual
Performance of the requested service in accordance with our Terms and Conditions and/or any other contractual obligations.
3 – Legal
Necessary to comply with a legal obligation.
4 – Legitimate interests
To promote the MCS Service Company and CQS to individuals, Contractors, Other Persons, government agencies and all other relevant parties, to increase awareness of the Scheme and the service provided.
To survey end user installations or planned end user installations to ensure that the service offered meets expectations.
To protect data subjects and the business from criminal and illegal activities.
To allow us to provide customers and potential customers with information. These communications may include social media direct messaging, email, newsletters, telephone calls, text messages and any other channels to reach those who may be interested in using or are already using some of the services we provide.
5 – Public interest
In a limited number of circumstances, we are permitted to process personal data where it is deemed to be in the public interest. This includes sharing certain data including your name, address and email with government agencies and other not for profit organisations.
6 – Consent
In certain circumstances we may seek your consent to process your data, however where possible we will try and process using one of the other five lawful methods.
Please see our separate cookies policy.
TO WHOM DO WE DISCLOSE PERSONAL DATA?
We do not disclose personal data to anyone, except when we need to share it with:
• External third parties that provide specific services to us, such as website and database design and management, data storage, online phone helpline, government agencies, payments processing, external auditors, accountants, insurance providers, marketing agencies and where applicable payroll companies.
• Credit Reference Agencies for the prevention and detection of fraud or non-compliance with government financial incentives such as the Low-Carbon Heating Incentive Scheme.
• Regulatory and judicial authorities who require reporting of processing activities in certain circumstances. More specifically, we may need to disclose personal data of installation companies to:
o The Government of Jersey for reporting, monitoring, application processing, compliance and complaints handling purposes for the administration of the Low-Carbon Heating Incentive Scheme and others as applicable. As well as in support of any criminal or civil investigations carried out by relevant authorities.
We may also provide third parties with aggregate and non-attributable information about installation companies, installation owners, and product companies.
In certain circumstances, we will work with local authorities, government agencies and not for profit organisations to provide them with a list of certified contractors from the contractor directory for their procurement requirements.
We do not allow third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our written Data Processing Agreement and instructions.
WHERE IS PERSONAL DATA STORED?
All information about you is stored on our servers in the United Kingdom. However, there are occasions when we need to commission certain services from third party processors such as Mailchimp, SurveyMonkey and Maximiser CRM based outside the UK. We will only share your data with these third parties where we have in place appropriate safeguards such as Standard Contractual Clauses, Data Processing Agreements and/or International Data Transfer Agreements to ensure the safety of your personal data.
If you wish to receive more detailed information about your personal data, please send your request to firstname.lastname@example.org
HOW DO WE SECURE PERSONAL DATA?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those staff members or other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a strict duty of confidentiality.
Processes to deal with any suspected personal data breach have been put in place and we will notify you and any applicable supervisory authority of a breach, where we are legally required to do so.
HOW LONG DO WE RETAIN PERSONAL DATA?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
For further information concerning specific data retention periods, please ask for a copy of our Data Retention Schedule.
WHAT ARE YOUR PRIVACY RIGHTS?
All data subjects have certain rights in relation to their personal data which are as follows:
• Access to your personal data – This enables you to receive a copy of the personal data we hold about you and to check how we process it.
• Correction of your personal data – This enables you to have any incomplete or inaccurate data we hold about you corrected or completed, though we may need to verify the accuracy of the new data you provide to us.
• Erasure of your personal data – This enables you to ask us to delete personal data where there is no legitimate reason for us to continue processing it. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Object to the processing of your personal data – This allows you to ask us to terminate the processing of your personal data where we are relying on a legitimate interest or one of the other five processing options. In some cases, we may demonstrate that we have a lawful reason for processing your information which overrides your request.
• Restriction of processing your personal data – This enables you to ask us to suspend the processing of your personal data in certain circumstances.
• Transfer of your personal data – This enables you to ask us to transfer your personal data to you or to another service provider. We will provide to you, or your nominated representative, your personal data in a structured, commonly used, machine-readable format.
Note, however, that this right only applies to automated information which you may have provided under Terms and Conditions to us.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee for subsequent requests if they are found to be repetitive and/or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
Before complying with a Data Subject Access Request, we may need certain information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We will provide the requested information within 30 days after we are satisfied as to your identity.
Time limit to respond
If we are unable to respond within 30 days, for example if your request is particularly complex or you have made a number of requests, we will notify you and keep you updated.
Your right to lodge a complaint
You have the right to make a complaint at any time to the Jersey Office of the Information Commissioner JOIC.
However, we would appreciate the chance to deal with your concerns first before you approach the supervisory authority, so please do contact us in the first instance.
HOW TO CONTACT US
For compliance questions in relation to this policy, you may contact us by email at: email@example.com by telephone: 0333 103 8130 or post: First Floor, Violet 3, Sci-Tech Daresbury, Keckwick Lane, Daresbury, Cheshire, WA4 4AB.