As the Single Electricity Market Operator Power Exchange, SEMOpx, we take our obligations under data protection law very seriously and we're committed to keeping your personal data private and secure.
This statement is designed to help you understand what Personal Data we hold, why we collect it, why it is required, what we do with it and how we protect it. It also explains your rights in relation to how we hold and use your personal data, how to exercise those rights, and what to do if more information is required or a complaint is to be made.
This privacy notice applies to all Personal Data we hold, irrespective of any relationship with us.
We respect your right to privacy. If you have any questions about how we use your information, then please write to: the Data Protection Officer DataProtection@semopx.com or via post:
ROI: SEMOpx, The Oval, 160 Shelbourne Road, Ballsbridge, Dublin 4, D04 FW28
NI: SEMOpx, Castlereagh House, 12 Manse Road, Belfast, BT6 9RT.
About SEMOpx
In June 2015 SONI Ltd was designated by the Utility Regulatory (UR) as a Nominated Electricity Market Operator (NEMO) for Northern Ireland. At the same time EirGrid plc was designated by the Commission for Regulation of Utilities (CRU) as a NEMO for Ireland.
SONI Ltd and EirGrid plc have developed and implemented NEMO services for Northern Ireland and Ireland through SEMOpx, a contractual joint venture which allows the use of common systems, processes and resources to provide NEMO services to both Northern Ireland and Ireland.
The NEMO services consist of day-ahead auction, intraday auctions and an intraday continuous market for trading in the Single Electricity Market (SEM).
SEMOpx is regulated cooperatively by the CRU in Ireland and the UR for Northern Ireland.
In this privacy statement, the terms "we", "our", and "us" are used to refer to SEMOpx. SEMOpx is a “Controller” under the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) in respect of certain Personal Data you furnish to us. For the avoidance of doubt given the joint venture status of SEMOpx, ultimate and final “Controller” liabilities rest with EirGrid plc and SONI Ltd.
What is personal data?
“Personal Data” is any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier such as a user IP addresses or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and includes Special Categories of Personal Data;
"Special Categories of Personal Data" is any Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; genetic data or biometric data and data concerning health or sex life and sexual orientation.
Technical data collected
When you visit the SEMOpx website, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our website. This non-personal data comprises information that cannot be used to identify or contact you, such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, browser types and other anonymous statistical data involving the use of our website. We also collect certain information by the use of cookies. Cookies are small text files that web servers can store on your computer's hard drive when you visit a website. They allow the server to recognise you when you revisit the website and to tailor your web browsing experience to your specific needs and interests. For more information on our use of cookies, please see our Cookies Policy.
What personal data do we use?
We use, or process, a number of different categories of personal data.
Information you give us – this is information about you that you give us when engaging with SEMOpx for example by filling in forms, responding to questionnaires or by corresponding with us by e-mail, phone, facsimile, post or face-to-face meetings or an information gathering exercise which relates to SEMOpx's general business or responsibility for operating Day-Ahead or Intraday Markets in the Single Electricity Market. The information that you give us will include some or all of the following (depending on the circumstances):
- your name, date of birth, contact details;
- current and previous address, occupation, nationality, citizenship, photo or other I.D. confirmation;
- company ownership;
- your views and feedback on SEMOpx’s business or role as a Nominated Electricity Market Operator (NEMO)
- records of any consents you have given; and
- your use of the SEMOpx website.
We may record telephone calls you make to us for training or quality purposes. Where you provide information about others you must ensure that you have their consent or are otherwise entitled to provide this information to us.
Information we receive from other sources – this is information about you that we receive from other business units within EirGrid plc or SONI Ltd, or from our service partners (e.g. EPEX and ECC), or from publically available sources such as (but not limited to) the Companies Registration Office/ UK Companies House. The information that that we receive from these sources will include some or all of the following (depending on the circumstances):
- your name, date of birth, contact details;
- current and previous address, occupation, nationality, citizenship, photo or other I.D. confirmation;
- company ownership & registration details; and
your views and feedback on SEMOpx’s business or role as Nominated Electricity Market Operator.
What do we use personal data for?
Our core business is to operate Day-Ahead and Intraday Markets in the Single Electricity Market. To this end we use information held about you in the following ways (as applicable):
- to establish and maintain records associated with Members, Units, Users and Traders in SEMOpx;
- to manage Member accession to the Exchange Membership Agreement;
- to ensure we are engaging with the correct applicant/Member;
- to verify the accuracy of the data you have to provided to us;
- to keep you informed about the operation of SEMOpx;
- to develop the products offered by SEMOpx;
- to manage the secure and efficient trading in the day-ahead and intraday markets;
- to meet our obligations to our regulators; and
- to deal with your enquiries and requests
What are our legal grounds for processing personal data?
Data protection laws require that we meet certain conditions in order to use your data in the manner described in this privacy statement. We rely on the following legal grounds in order to process your data:
- The processing is necessary for the performance of a task carried out in the public interest or in the exercise of an official authority vested in SEMOpx.
- That you have given your consent to the processing of your Personal Data.
- We may use your contact details to provide you with certain information about SEMOpx activities where you have provided your explicit consent for us to do so. You may withdraw this consent at any time by asking us to stop sending you such information.
- The processing is necessary for the performance of function conferred on SEMOpx as part of the Exchange Member Agreement and SEMOpx Rules, including providing access to day-ahead and intraday markets for the Single Electricity Market.
- We only use this information to allow us to ensure we deal with Members and other stakeholders in an appropriate manner.
Who do we share personal data with?
We may share your personal information with the following: EirGrid plc and SONI Ltd in their respective capacities as the Transmission System Operator and Market Operator, EPEX, ECC, Commission for Regulation of Utilities (CRU) in Ireland and the Utility Regulatory (UR) in Northern Ireland.
We will only disclose your information:
- to other business units within EirGrid plc or SONI Ltd, service providers (e.g. EPEX, ECC) and consultants for the performance of any contract we enter into with them and to provide services to Members. ;
- to third party service providers to the extent they assist us with our legal / regulatory obligations or our business operations;
- to our regulators for the purposes of complying with our regulatory obligations;
- to law enforcement agencies as well as our legal advisors, courts any other authorised bodies, for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters etc.
- in the event of any insolvency or winding up situation (e.g. the administration or liquidation) of EirGrid plc or SONI Ltd;
- to protect the rights, and property of our staff, Members and other stakeholders. This includes exchanging information with other companies and organisations for the purposes of staff and stakeholder safety; and
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.
Transfers of your personal data outside the European Union
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (the "EEA"), in particular, where we use third party cloud storage providers.
When we send personal data overseas, we will make sure suitable safeguards are in place, in accordance with European data protection requirements, to protect the data. In all cases these safeguards will be one of the following:
Sending the data to a country that's been approved by the European authorities as having a suitably high standard of data protection law.
Putting in place a contract with the recipient containing terms approved by the European authorities as providing a suitable level of protection.
Sending the data to an organisation which is a member of a scheme that's been approved by the European authorities as providing a suitable level of protection. One example is the "Privacy Shield" scheme agreed between the European and US authorities.
More information on these safeguards can be found here.
How long is personal data kept for?
We will retain information about you for the period necessary to fulfil the purposes for which the information was collected. After that, we will delete it. The retention period may vary depending on the purposes for which the information was collected.
Where a specific legal or regulatory requirement (including the SEMOpx Rules) applies to your information we will retain it for the period of time specified in such legal or regulatory requirement. In the absence of a specific legal or regulatory requirement we will retain your information for the applicable statutory limitation period following the end of the matter to which it relates. We may be required to extend the retention period if the information is required in relation to a complaint, investigation, judicial review, a claim or litigation.
Please also note that we are sometimes legally obliged to retain original legal documents, such as deeds, indefinitely.
Your rights
You have a number of rights under data protection law in relation to the way we process your personal data. These rights are a right to:
- access personal data held by us about you;
- require us to rectify any inaccurate personal data held by us about you;
- require us to erase personal data held by us about you;
- restrict our processing of personal data held by us about you;
- receive your personal data in a structured, commonly used and machine readable format and you also have the right to require us to transfer this personal data to another organisation, at your request (known as the "right of portability");
- object to our processing of personal data held by us about you; and
- withdraw your consent, where we are relying on it to use your personal data.
These rights are subject to certain restrictions provided for in data protection legislation. For example:
- The right of portability will only apply to the extent that we process your information on the basis of your consent or on the basis of a contract, and we process it by automated means.
- The right to restrict our processing of personal data held by us about you will only apply where (for example): you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but you require the data for the purposes of dealing with legal claims.
You may contact us using the details on our website (or by contacting our DPO directly – details below) to exercise any of these rights. Please address any questions, comments and requests regarding our data processing practices to our Data Protection Officer in the first instance. Our DPO can be contacted by writing to the Data Protection Officer at DataProtection@semopx.com or via post:
ROI: SEMOpx, The Oval, 160 Shelbourne Road, Ballsbridge, Dublin 4, D04 FW28
NI: SEMOpx, Castlereagh House, 12 Manse Road, Belfast, BT6 9RT.
If you have any concerns regarding our processing of your personal data, or are not satisfied with our handling of any request by you in relation to your rights, you also have the right to make a complaint to the relevant Data Protection Commissioner's Office.
The Data Protection Commissioner’s Office in Ireland contact details are:
Telephone: +353 57 8684800 OR +353 (0)761 104 800
Lo Call Number: 1890 252 231
Fax: +353 57 868 4757
E-mail: info@dataprotection.ie
Postal Address:
Data Protection Commissioner
Canal House
Station Road
Portarlington
R32 AP23 Co Laois
The Information Commissioner’s Office in Northern Ireland’s contact details are:
Telephone: +44 28 9027 8758
Lo Call Number: 0303 123 1114
E-mail: ni@ico.org.uk
Postal Address:
The Information Commissioner’s Office – Northern Ireland
3rd Floor
14 Cromac Place
Belfast
BT72JB
Changes to our Privacy Statement
We may update this privacy statement from time to time. Any changes we may make in the future will be posted on this page and where appropriate we will endeavour to bring the changes to your attention by other means.
Last updated 26 September 2018