ESB is a dynamic modern business operating in an ever-evolving energy industry. We employ in excess of 6,000 employees and through our internal business functions we process information about our staff in order to manage effectively our relationship with our employees. We are committed to safeguarding the privacy of the personal information that we gather concerning our prospective, current, and former employees for management, human resources, payroll and related purposes.
We respect your privacy
This privacy notice applies to the use of Personal Data by ESB. It explains what information we collect, how we use it, who we share it with and how we protect it. It also details the rights available to individuals in relation to how we hold and use their personal data, how to exercise those rights, and what to do if more information is required or a complaint is to be made.
This privacy notice applies to all personal data we hold in the context of an employment relationship (including subsidiaries of ESB such as ESBI and personnel on secondment to Joint Ventures). For example, we may hold personal information about current and previous employees, candidates for employment, retired employees, and their partners and temporary or subcontracted employees.
Why we collect your Personal Data
We collect your personal data so that we can manage our relationship with you. Activities that we require personal data for include:
- Management of our relationship with employees as part of their employment contract
- Provision of employment related services to employees, former employees, subcontracted employees, and candidate-employees
- Provision of health and wellbeing services to employees
- Responding to employment related requests and providing employment related information
- A range of other employment related activities which we are obliged to undertake, or which we have gained your consent to perform
- Fulfilment of statutory obligations (e.g. Company Law and Safety, Health and Welfare Acts)
We ensure that the information we collect is appropriate to the purposes for which it is obtained.
We are committed to safeguarding the privacy of the personal information that we gather concerning our prospective, current, and former employees.
What Personal Data we collect
At ESB, we recognise the importance of Personal Data entrusted to us. We may collect and hold a range of information about you. Examples of the types of information we may hold include:
- Personal identification information such as your name, address, gender, date of birth, marital status, PPSN, nationality, staff number
- Other information which you have provided to allow us to identify and contact you such as your phone number, passport, photographic identification
- Your contract of employment and any amendments to it
- Details that you have provided about your emergency contact(s), next of kin, spouse, partner, dependents or other beneficiaries
- Employment identifiers such as staff number or business email address that you have provided, or have been assigned
- Information that you have provided about academic background or professional certifications
- Information you have provided in your Curriculum Vitae, or in an employment application, including details about your past employment history
- Information about memberships of groups or societies (e.g. trade union membership, staff sports and social club membership) that you have provided to facilitate us processing salary deductions
- Information that you have consented to provide as part of our equal opportunities or diversity & inclusion programmes
- Information which you have provided as a director of a subsidiary company in ensure we comply with our legal, tax and regulatory obligations such as PPSN, passport, photographic identification and utility bill.
- Photographic images used for security and identification information or for use in internal and external publications
- CCTV images captured for security, safety, compliance of ESB policies or other lawful purposes
- Building access data captured for security, safety, and building management purposes
- Voice recordings of telephone calls where you have been notified that the calls are being recorded
- Video recordings of business related meetings that you have attended where it has been notified that the meeting is being recorded
- Copy of driving licence, insurance details, work permits and safepass details
- Electricity Account number (for Electricity Discount)
- Vehicle and driving licence details to facilitate payment of expenses and compliance with legal obligations
- Copy of passport and travel visas
- Banking details that you have provided to facilitate electronic payments
- Financial data in relation to payroll, pension, benefits and expenses
- Medical data that is relevant to the performance of your duties or to your entitlements
- Other medical data that you choose to share with us
- Career history and performance data that is collected as part of our performance management activities including, where appropriate, disciplinary and grievance records
- Correspondence with or about you, for example a letter to your mortgage company
- Information regarding your use of ESB equipment.
- Personal email addresses for use in specific situations
- Locational data (Fleet Management System)
- Religion in one jurisdiction for equality purposes
- Psychometric test results for Recruitment and Development purposes
In some cases, we may collect information about your activity and use of ESB systems in the context of ESB policies, such as policies on ethics (including bribery and corruption), cyber security, internet or intranet usage or the use of social media. In these cases, your information will be collected and used strictly in accordance with those policies.
Much of the information we hold will have been provided directly by you, but it may also come from other internal sources, such as your manager or a colleague, or external sources, such as referees, employment agencies or a family member.
How we use your Personal Data
We use personal data for the management and performance of your contract of employment. The following are the main ways that personal data may be used
- Processing in relation to salary, benefits, expenses, allowances and deductions
- For HR Approvals such as moving from temporary to permanent status
- To manage Employee Relations (e.g. grievance processes)
- For Recruitment & Selection processes such as internal or external recruitment
- For Performance and Development activities such as goals setting, development plans, training
- For administering pensions processes such as pensions contributions or pension adjustment orders
- For arranging business travel and accommodation
- To validate eligibility to drive ESB owned vehicles or to be covered by ESB insurance policies
- To comply with legal or regulatory requirements
- Processing of personal and medical data for Health Insurance processes such as membership subscriptions or medical related claims or travel/motor insurance
- Conduct of Staff Surveys
- In the development, monitoring and enforcement of ESB policies and guidance
- To manage the appointment of staff members nominated as a director to subsidiary boards and to comply with legal, tax and regulatory requirements and the maintenance of an Ultimate Beneficial Owners register
- To run elections for the selection of worker directors, pursuant to the Worker Participation State Enterprises) Acts
- To run elections for the selection of staff representatives on the Joint Industrial Council.
In addition, ESB operates and offers a range of specialist health and wellbeing services that are available to employees as required, or as part of the management of illness related absence. The following are the main ways that personal data may be used when delivering these specialist services
- Processing of data related to physical or mental health to allow management of a medical case by occupational health specialists
- Processing of personal and financial data of current or former employees as part of an assessment of eligibility to receive financial support from the ESB benevolent and/or hardship funds
- Processing of data related to physical or mental health to facilitate employee referral to the Employee Assistance Programme (EAP). Such referrals may relate to absenteeism, degraded performance or substance abuse.
- Processing of data to facilitate the scheduling of medical appointments and/or delivery of results of health screening services that are periodically offered to employees
- Processing of data to facilitate delivery of vouchers or testing kits for medical tests and vaccinations that are periodically offered to employees
- Processing of data related to mandatory medical assessments undertaken by employees as part of recruitment and selection or on an on-going basis due to their job role within ESB
- Processing of personal data through digital wellbeing tools offered to employees to help them manage their physical and mental wellbeing
Activities that require your consent
In order for us to carry out certain activities using your personal data, we may need to ask for your consent. When consent is being requested, we will provide you with relevant options, such as the choice of whether we may contact you by phone, post, email, text or through other digital media.
Where we require consent, we will explain why and provide sufficient information to allow you to make an informed decision.
When you have provided your consent to perform such activities, that consent may be withdrawn at any time by contacting us requesting its removal.
Should there be any reason for us to collect sensitive personal information (e.g. medical data or trade union membership) other than as outlined in your contract of employment, we ask for consent to collect it. Before consent is given, we explain what information will be collected and what we will use it for. Again, this consent can be withdrawn by contacting us.
Parties with whom we share information
We may share your personal data with, or disclose your personal data to, the following categories of third party:
- Your approved 3rd parties : where you have notified us that you wish us to provide information or payments to 3rd parties such as trade unions, public travel providers, credit unions, charitable organisations, insurance providers, health insurance, or life assurance organisations we will share the required information in accordance with your instructions
- Agents or suppliers: these are persons or companies we have contracts with to provide products or services that we use in conducting our business, including managing our relationship with our employees. These may include companies that: process payroll and payslips, administer pension schemes, provide recruitment and visa services, medical health services, onboarding services, staff rewards, and employee development programmes.
- Professional and other advisers: we may share or disclose personal data to professional advisers we may engage for any reasonable purpose in connection with our business, including assistance in protecting our rights. For example for Pensions Defined Contributions members the ESB share staff information with the relevant insurance company to ensure correct coverage for Death in Service or Income Protection.
- Other external bodies: in certain circumstances, we may be required by law to disclose personal data to external bodies, such as local authorities, government departments, Central Bank of Ireland, Regulatory Authorities, the Standards in Public Office Commission (SIPO), Revenue Commissioners or An Garda Síochána. In these cases, we will only disclose the minimum amount of information required to satisfy our legal obligation. However, once the information is disclosed, we will not be able to control how it is used by those bodies. For staff members nominated to subsidiary boards, in certain circumstances we may share or disclose your personal data to entities for whom you are an appointed director, external auditors, the Revenue Commissioners, the Companies Registration Office, or other third parties for know your customer purposes.
In some cases, our suppliers or business partners may be outside of the EEA. We will only share or disclose to these parties the information that they need in order to provide the products or services, and will require those parties to ensure that the information is always adequately protected. Where personal data is transferred outside of the EEA, we ensure that all such transfers are made in accordance with data protection law and that your data it will be given an equivalent level of protection that it has when it is being managed in Ireland.
How we protect it – Security of your Personal Data
We keep our computer systems, files and buildings secure by following legal requirements and international security guidance. We make sure that our staff, and anyone with access to personal data that we are responsible for, is trained on how to protect personal data. We ensure that our processes clearly identify the requirements for managing personal data and that they are up to date. We regularly audit our systems and processes to ensure that we remain compliant with our policies and legal obligations.
Our Intranet uses ‘cookies’ to help us provide users with a better experience each time they visit. A cookie is a small piece of text that is placed directly on a device when it is used to visit a website. This helps to give the user a better experience when using the website. The information gathered by the cookie stays on the users’ devices.
We use information gathered from cookies to help improve users experience on our website, for security and to personalise content and advertising. For example, cookies help us to identify that the device has visited our site before, allowing us to customise the experience based on previous browsing history. It also helps us to determine the most relevant information to show that user when they are browsing. Further information about the type of cookies that we use and their purpose is available in the cookies policy on the ESB website.
How long we keep data
Information collected by us will be held for as long as it is required to fulfil the purpose it was collected and to protect our business and our rights. We are required to keep certain types of information for a specific period of time in order to comply with legal requirements. The length of time we keep any part of your personal information will depend on the type of information and the purpose for which it was obtained.
How we address your rights
Although ESB needs to capture, store and process your personal information in order to carry out a range of services, you have a range of rights available to you to give you confidence that your information is appropriately managed. Detailed information about your rights, when they apply and our responsibilities to you are available on our website.
The rights that you have available to you include:
Gaining access to and copies of your personal data: you are entitled to receive, on request and free of charge, a copy of all your personal data that we hold. There are some limitations to this right. For example, if the data also relates to another person and we do not have that person’s consent, or if the data is subject to legal privilege. Where there is data that we cannot disclose, we will explain this to you.
Ensuring that your data is accurate: our aim is to ensure that the data we hold about you is correct and up to date. From time to time we may contact you to verify the information that we hold. You may also contact us to correct any errors that you notice.
Granting or Removing consent: where we require your consent for any processing, for example, to provide you with direct marketing communications, we will clearly explain what the consent is for, and any consequences of giving or refusing consent, and will provide that consent can only be given by way of a positive action by you. We will also ensure that you are able to withdraw any such consent at any time.
Restricting processing of your data: you have the right to request us to restrict the processing of your personal data in certain circumstances, for example, if there is a dispute over our rights to carry out specific processing activities, or where you do not want us to delete data. We will respond promptly to your request and will provide an explanation if we cannot fully comply.
Deletion of your data: in certain circumstances, you may have the right to have some or all of your personal data deleted from our records. This is sometimes referred to as the “right to be forgotten”. This may occur if, for example, we retain data which is no longer required by us, or if you withdraw a consent. If you continue to have a relationship with us, we must retain the data we need to manage this relationship. We will respond promptly to your request, and provide reasons if we object to the deletion of any of your personal data.
Moving your data: where it is possible for us to provide it, you have the right to receive a digital copy of the personal data that you have provided to us.
How to contact us
In relation to Personal Data Individuals have the right to be informed, the right of Access, the right to rectification, the right of erasure, the right to restrict processing, the right to Data Port, the right to withdraw consent and rights in relation to automated decision making and profiling. The collection and use of your data by ESB is overseen by the ESB Group Data Protection Officer. If you wish to contact our Data Protection Officer, you can email firstname.lastname@example.org or via post at Data Protection Officer, ESB, 27 Fitzwilliam Street Lower, Dublin 2, D02 KT92.
How to make a complaint
If for any reason you have a complaint about our use of your personal information, or you are unhappy in any way with the information we provide to you, we would like you to contact us directly so that we can address your complaint. You can contact us by email at email@example.com or by postal mail at Data Protection Officer, ESB Head Office, 27 Fitzwilliam Street Lower, Dublin 2, D02 KT92. You may also contact the Data Protection Commission in Ireland about such matters on 1890 252 231, by email at firstname.lastname@example.org or by postal mail at Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28.
Changes to our privacy notice
We will occasionally update this privacy notice. We will post a notice of any material changes on our website prior to implementing the changes, and, where appropriate, notify you using any of the contact details we hold for you for this purpose. We encourage you to periodically review this notice to be informed of how we use your information.
What is a cookie?
A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device.
Cookies make it easy for websites to collect precise user-specific information about their visitors. This generally makes it simpler for you to navigate the web and enjoy a personalised experience.
Many cookies do essential jobs. For example, authentication cookies identify who you are when you try to log into an account. Other types of cookies enable you to shop online, storing items as you add them to your virtual shopping basket.
Types of cookie
Cookies can be either temporary (session cookie) or permanent (persistent cookie).
Session cookies are stored in your device’s temporary memory – not on your hard drive – while you’re browsing a website. Usually, these cookies are deleted when you close the browser. If you were to reopen the browser and revisit the website, the site would not ‘remember’ that you had visited previously. Session cookies remain active only until you leave a site.
Persistent cookies remain stored on your hard drive, persisting from session to session until you delete them, or they reach a set expiration date. Persistent cookies can store information such as log-in details, bookmarks, credit card details and preferred settings and themes – resulting in a faster and smoother web journey.
Who provides the cookie
First party: Placed by us on your device and used only by us. Our cookie settings have details of ESB’s cookies
Third party: Cookies owned by other organisations (such as our advertising partners) used on our website and applications. Our cookie settings have details of the third-party cookies we use.
To see ESB’s cookie listing, click here.
How to control cookies
You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
The cookies we use on our website can be grouped into four different categories.
Strictly necessary cookies: are essential in order to enable you to navigate around our website and use its features. Without these cookies, we would be unable to provide you with the services you have asked for.
Functionality cookies: allows our website to remember choices you make and help to provide an enhanced, more personal experience on our website. Performance cookies: helps us improve our website and our online services. These cookies gather information about how our site is used, including which pages are visited most often. This helps us to provide a better user experience. These cookies are anonymous – which means that they won’t collect information to identify you.
Targeting & Advertising cookies: are used to help us better understand our advertising campaigns and how we can make these more relevant to you. These cookies may be set through our website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts of other sites. These cookies are based on uniquely identifying your browser and internet device.
Our website can send cookies to your web browser if your browser’s preferences allow it. Many websites do this whenever a user visits their website in order to track online traffic flows.
Cookies which we regard as strictly necessary for the performance of our website and applications are enabled. All other cookies used on ESB’s websites, including the customer account portal, requires cookies to be enabled in order for the service to function properly. If you disable cookies, you may not be able to avail of some of our online services. If you use the website without changing your settings, we’ll assume that you are happy to receive all cookies on the ESB websites.
Where you have opted to enable Performance or Targeting & Advertising Cookies, your data may be shared with our social media, advertising and analytic partners for analytic purposes and/or to show you relevant advertising. Information gathered by our partners may be stored on their servers that may be located in third countries. A full listing of our social media, advertising and analytic partners can be found under “Cookie Settings” on ESB’s website. You can also change your cookies preferences at any time through the Cookie Settings link on ESB’s website.
Page updated: November 2023