reply back

Explain's data handling policy

Explain is registered with the Information Commissioners Office in compliance with the Data Protection Act 2018 (the ‘2018 Act’) and the EU General Data Protection Regulation 2016/679 (‘GDPR’). In addition, Explain has been awarded ISO9001 accreditation to verify the high level of quality management procedures we have in place across the business.

Please find a summary below of how we will handle South Staffs Water customers' personal data.

In accordance with its privacy policy South Staffs Water will provide limited personal data to Explain for the purposes of recruitment to the online community to conduct market research.

This information comprises only customer name and email address, no other personal data will be provided. The database will be transferred via the pre-existing SFTP site for security purposes. This database will exist on the Explain servers only and will be password protected. The H2Online management team (four members of staff in total: Kim Davis, Bryony Iles, Emma Hopkins, Megan Hammersley) will have access to the password. Please request our information and security policy to understand how we manage the security of this data.

The additional profiling information you provided as part of the community registration process forms part of your member profile. This member profile is stored within the community admin area hosted in the UK by Microsoft Azure. A copy of all member profiles is also stored on the Explain servers in a password protected Excel database, again the four members of the community management team will have access to the password.
The information we collect and store on community members via the profiling survey is as follows:

  • First name and surname: to allow communications to be personalised by name
  • Email address: to allow us to communicate with the respondent after they have joined.
  • Gender, age, employment status, the make-up of household occupancy, home ownership and water usage: to allow comparison of research results by these demographics
  • How the respondent receives their water bills and if they use the mobile app: to allow us to understand the perspective of the respondent in their responses to topics, discussions, surveys and polls and direct relevant content.
  • Whether the respondent has a water meter installed: important to understand to allow comparisons in service satisfaction between those who do and don’t have a water meter installed currently.
  • Satisfaction levels with South Staffs Water: to allow us to understand the perspective of the respondent in their responses to topics, discussions, surveys and polls and direct relevant content.
  • How they heard about the online community: to track success of the recruitment methods we employ.

Having opted into be a community member you will be sent regular emails inviting you to take part in community activities, however at any point you can unsubscribe from these emails and deactivate your community membership. Both Explain and South Staffs Water will have access to the unsubscribe list and you will not receive future recruitment invitations.

When a community member unsubscribes from the community and requests for their account to be deleted they are removed as a member and deleted from the member profile database hosted on Microsoft Azure. Additionally, we will manually delete the member from the Excel member profile database hosted on our servers by deleting their record and resaving the database.

Member profile databases will not be downloaded to any portable devices such as USBs or laptops and will remain on Microsoft Azure and Explain servers only.

H2Online members are able to update their personal information via the account information section of the community.

Personal data will be used to communicate with respondents in connection with the H2Online community only and for no other purpose. Personal data will not be passed to any third party organisations.

Members are able to request the data held about them at any point.

All Explain staff are trained in data protection as part of their induction to the company and all requirements are detailed in our company handbook and IS policy which is circulated annually for the purposes of refresher training.