Global Privacy Policy

This Global Privacy Notice explains how StormHarvester Utilitiles group of companies (Ltd, Australia PTY, New Zealand PTY) and its affiliates (collectively, ‘StormHarvester’, ‘we’, ‘us’, ‘our’) collect, use, disclose and protect personal information. It applies to individuals in the United Kingdom, Australia and New Zealand and is designed to meet requirements of the UK GDPR and Data Protection Act 2018, the Australian Privacy Act 1988 (including the Australian Privacy Principles), and the New Zealand Privacy Act 2020 (including the Information Privacy Principles).

The notice is addressed to individuals who are either:

  • StormHarvester employees
  • Those associated with the recruitment of staff e.g. next of kin, referees
  • Potential customers in receipt of marketing information
  • Visitors to our website, including those who complete information through online forms
  • Suppliers
  • Former employees of StormHarvester
  • Please see our separate Product Privacy Notice for more information on how we collect, use, store, and protect personal data, within our product

All of these parties shall be referred to as “you” throughout this privacy notice.

Personal information we collect

We collect personal information that you provide directly or that we obtain through your use of our services, website, products and interactions with our staff and partners. Depending on your relationship with us, this may include:

  • Identity and contact details (name, email, phone, job title, employer, postal address)
  • Account and authentication details (user IDs, role/permission data)
  • Transactional and service interaction data (orders, tickets, support communications)
  • Device/usage/telemetry data (log data, IP address, device identifiers, app performance metrics)
  • HR/workforce data (employment history, payroll identifiers, emergency contacts)
  • Special category/sensitive information where strictly necessary (e.g., health information for HR administration, criminal history checks where permitted by law)
  • Marketing preferences and cookie/consent choices

StormHarvester employees

When you engage with StormHarvester , we will ask for information about you, such as your name, address, bank details, email address, NI (National Insurance) Number etc. This is known as your Personal Data.

We will also collect information about you from other sources which also forms part of your Personal DataThis includes information from background checks, employee references, credit checks, training certifications etc.

We may also ask you for some sensitive information for example criminal convictions, motoring offences, religious background and information about your health. This is known as Sensitive Personal Data.

 We are required to retain and process this data in order to fulfil our contractual obligations to you as your employer. Additionally, this allows us to complete a robust recruitment process to ensure our legitimate business interests are met.

Explanation of the way in which  We will process your personal data and reasons are as follows:

Contractual

  • Administer monthly pay
  • Administer monthly pension payments
  • Action health cash plans/medical insurance

Legitimate business interest

  • To carryout necessary background checks to ensure recruitment policies are adhered to
  • To arrange the training required to enable you to conduct your role at the level expected and continue your development in StormHarvester, we will use your details to register you with training providers and technology partners
  • To allow you to obtain access to certain software programs required to do your job at StormHarvester
  • To connect you to our workforce via company-controlled communications tools
  • To connect you with our clients and suppliers your contacts details will be made available
  • To manage any company car, phone, credit card you have been assigned your personal data will be stored and processed with 3rd party providers
  • To communicate skill sets to our customers, Staff Bios and CVs may be shared with customers as evidence of our core capabilities
  • To manage our IT environment, ensuring security of all data, we can monitor the usage of both company and personal devices on its network. This is done in a manner that does not impact your privacy but provides vital information on network performance and security.
  • To review productivity of staff on night shift and remote workers, we can monitor the usage of company and personal devices on its network in a manner that does not impact your privacy

Legal

  • To ensure you are covered under the terms of travel insurance your personal data will be shared with insurers

Contractual requirements

  • To process monthly expenses your personal data will be processed to ensure you received reimbursement

Consent

  • To promote our organisation structure and skill set your photographs may be used on our website, internal digital signage or for promotional campaigns sent out externally
  • To communicate skill sets to our customers, Staff Bios and CVs may be shared with customers as evidence of our core capabilities
  • To manage our IT environment, ensuring security of all data, we can monitor the usage of both company and personal devices on its network. This is done in a manner that does not impact your privacy but provides vital information on network performance and security
  • To review productivity of staff on night shift and remote workers we can monitor the usage of company and personal devices on our  network in a manner that does not impact your privacy.

All forms of staff personal data referred to above shall be held throughout the period that the employee remains with our company and shall be deleted after 1 year of them leaving.

In the case of staff financial related data, this will be retained for a period of 6 years as per statutory requirements.

After this time the data shall be removed from circulation and deleted. Those associated with the recruitment of staff e.g. next of kin, referees

At times we will use personal data in the form of third party contact details that our candidates and/or staff have provided to us.

These are used for the following purposes:

  • If a staff member has put your name and contact details down on our HR system as an emergency contact, we’ll contact you in the case of an accident or emergency affecting them. We do this because it is in the vital interest of the employee to do so. This data will be held for the period that the employee remains with our company and shall be deleted after 1 year of them leaving.
  • If your name has been put down by a candidate or a prospective member of staff as a referee, we will contact you in order to take up an employee reference.This is an important part of recruitment process and could be the difference between the individual getting a job or not. It is in our legitimate business interest to hold and process data this way. This data will be held for the period that the employee remains with our company and shall be deleted after 1 year of them leaving.

Potential customers in receipt of marketing information

Outbound marketing

To promote StormHarvester services and to ensure success and growth of our company, we may at times contact you with information on our services and latest news. We may periodically send you information that we think you may find interesting and we can use your data in this way because it is in our interest in promoting and managing our business to do so. We balance this interest with the impact on you, and at any time you can ask us to stop using your information for this purpose. Please see section below for information on how to ask us to stop.

Research and Analysis

To carry out research and analysis, including analysis of our customer base, and other individuals whose personal information we use to analyse behaviour, preferences and interests, develop new products, improve our services, identify usage trends and understand the interests of our users. We can use your Personal Data in this way because it is in our interests to improve our services.

Visitors to our website including those who complete information through online forms

We are committed to protecting your privacy and ensuring your experience with our website is secure and transparent. This Privacy Policy explains how we collect, use, and protect your information, including our use of cookies and third-party services such as Google Analytics.

Information We Collect

We may collect and process the following data about you:

  • Information you provide by filling in forms on our website. This includes completing our contact form or applying for a job vacancy.
  • Details of your visits to our website, including traffic data, location data, and other communication data

How we use cookies

Our website uses cookies to enhance your experience. Cookies are small files that are stored on your device. They help us understand how you interact with our website, improve your experience, and provide customised services.

Essential Web Cookies

These cookies are strictly necessary for our website to function and provide the services you request. Without these cookies, certain features may not work properly.

You can control and block these cookies via your browser settings; however, this may affect your experience on our site. Refusing these cookies may impact the functionality of the website, as they are required for essential services.

Google Analytics Cookies

We use Google Analytics to gather aggregate data about our site’s usage and performance, which helps us improve our content and marketing campaigns. These cookies allow us to understand how you interact with our website, such as which pages are visited and how long users stay on each page.

If you do not wish for us to track your visit via Google Analytics, you may disable tracking in your browser settings.

External Services

We also integrate various external services on our website. These services may collect personal data, such as your IP address. You have the option to enable or disable these services below. Disabling them may impact the functionality and appearance of our site.

Google Webfonts: Controls the appearance of text on the site.

Google Maps: Allows for location services.

Google reCAPTCHA: Ensures security and prevents spam.

Vimeo and YouTube Video Embeds: Allows embedded video content.

Managing Cookie Preferences

You can choose which cookies you want to allow on our website. To view and manage your cookie settings:

  1. Adjust your preferences in the browser settings.
  2. Use our website’s cookie control options to enable or disable specific types of cookies.

If you refuse cookies, our website will automatically remove all cookies set in our domain.

Consent in Marketing

  • We need your consent for some aspects of these activities which are not covered by our legitimate interests (in particular, the collection of data via cookies,)
  • Soft opt-in consent is a specific type of consent which applies where you have previously engaged with us and we are marketing other-related services. Under ‘soft opt-in’ consent, we will take your consent as given unless or until you opt out. For most people, this is beneficial as it allows us to suggest other services to you.

If you are not happy about our approach to marketing, you have the right to withdraw your consent at any time. We want to let you know that even if you have opted out from our marketing communications through our preference centre, it is possible that your details may be recaptured through public sources in an unconnected marketing campaign. We will try to make sure this doesn’t happen, but if it does, we’re sorry. We’d just ask that in those circumstances you opt out again.

Suppliers

We require a small amount of information that equates to personal data from our suppliers to ensure that things run smoothly for both businesses. We need contact details such as names, emails and phone numbers of relevant individuals at your organisation so that we can communicate with you.

We process this information within our organisation as it is in our legitimate business interest to do so.

Customers

We are required to use the personal data of your staff at times to plan and execute business transactions and develop our ability to serve you better.

Personal data of your staff can include names, email addresses, contact details. These details may appear within our proposal documents, commissioning documents and other project related documents and CRM system. We process this data as we build a case for successful delivery of each business transaction.

We can use your Personal Data where we are required to do so pursuant to a contractual obligation with you or to fulfil a legitimate business interest and deliver the goals of our business.

At times names and contact details of your employees will be used to train and induct staff to your way of working.

We can use your data in this way because we have a legitimate interest to do so and it will assist us to provide the best service to you.

To interest you in other products and services (marketing) we may use your information to make decisions about what other products and services you might be interested in and contact you by email about these products and services. We can use your data in this way because it is in our interest in promoting and managing our business to do so. We balance this interest with the impact on you, and at any time you can ask us to stop using your information for this purpose.

We will retain this information as long as our business relationship exists with you. Archived data is deleted after 6 years so any personal data will be retained in line with company policy.

Former employees of StormHarvester

All forms of staff personal data referred to under ‘StormHarveser employees’ shall be held throughout the period that the employee remains with our company and shall be deleted after 1 year of them leaving.

In the case of staff financial related data, this will be retained for a period of 6 years as per statutory requirements.

After this time the data shall be removed from circulation and deleted.

Sharing personal data

We do not sell your personal data. We may share your data with:

  • Trusted service providers (e.g., hosting, analytics, payment processors)
  • Regulatory or legal authorities when required
  • Business acquirers, in the event of a merger or sale
  • We can share your information including Personal Data and Sensitive Personal Data with the following parties for the purposes set out above. This is done in line with our Data Protection Policy and Procedures.
  • The StormHarvester group of companies
  • StormHarvester Ltd and StormHarvester Utilities Ltd and other StormHarvester affiliates may have access to and use of Personal Information in connection with the conduct of our business where appropriate.

Our service providers

  • External third-party service providers, technology partners or affiliates in a service provider role, such as accountants, lawyers and other outside professional advisors; IT support and security service providers including cloud-based providers; and similar third-party service providers that assist us in carrying out business activities connected with fulfilling our contractual obligations with you.

Other third parties

  • To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings); As we believe to be necessary, appropriate and legal under the relevant data guidelines.

Legal reasons

  • To comply with legal process, to respond to requests from public and government authorities including public and government authorities outside your country of residence, to enforce our terms and conditions, to protect our operations, to protect our rights, privacy, safety or property, and/or that of you or others; to detect and prevent crime, including fraud; and to allow us to pursue available remedies or limit the damages that we may sustain.

Fraud and credit agencies

  • We may share your personal information with these agencies for the purposes of identity verification, detecting fraud and for credit referencing purposes.
  • These agencies may undertake a search with credit reference agencies to verify identity. The credit reference agency will check the details supplied against any database, public or otherwise. A record of searches will be retained. The credit reference agency may use the details provided to assist other companies for verification and identification purposes.

    International data transfers

    Because we operate globally, your personal information may be transferred internationally. Under our commitment to data and information security we implement appropriate safeguards in line with all regulatory and ISO requirements:

    UK – International Data Transfer Agreement (IDTA)

    Australia – We take reasonable steps before cross‑border disclosure to ensure overseas recipients handle information in accordance with the APPs; we remain accountable for mishandling (APP 8 and s16C)

    New Zealand – We ensure fit for purpose safeguards for overseas disclosures under IPP and relevant advocacy agreements are in place.

    We also minimise transfers by hosting data in region via our regional AWS data centre locations.

    StormHarvester’s obligation to you

    We will take all steps reasonably necessary to ensure that your Personal data is treated securely and in accordance with this Privacy Notice. This includes putting in place agreements with the people we send your information to, to require them to treat your information with similar protections to those that apply in the UK.

    Changes to this policy

    We may update this Privacy Policy to reflect changes in legal, regulatory, or operational requirements. Updates will be posted on this page with a revised “Last Updated” date. Where appropriate, we will notify you via email or in-app.

    Our Data Protection Officer is in charge of dealing with questions you may have about this privacy notice or dealing with your requests to exercise your rights which are described below.

    Our Data Protection Officer can be contacted at
    Email: lisa.shields@stormharvester.com
    Address Floor 3, 4 Mays Meadow, Belfast
    Supervisory Authority: ICO

    Complaints

    You have the right to complain about how we treat your Personal Data and Sensitive Personal Data to the Information Commissioner’s

    Office (ICO). The ICO can be contacted at:

    https://ico.org.uk/global/contact-us/

    We will keep it for up to 7 years to satisfy industry, regulatory and contractual requirements.

    Your rights

    You have the right to access to your information and to request the correction of inaccurate/incomplete information.

    Further legislative rights within the relevant locations are :

    UK – Rights to erasure, restriction, objection (including to marketing), portability, and to withdraw consent; to object to automated decisions where applicable

    Australia – Rights to access and correction; opt‑out of direct marketing

    New Zealand – Rights to access and request correction

    To exercise your rights or make a complaint, contact our DPO in the details provided. We will respond within applicable statutory timeframes.