Skip to Content
Gaeilge

Privacy Notices

This privacy notice applies to all personal data processed by the Electricity Supply Board (“ESB”) or an ESB subsidiary company in relation to their external stakeholders (except where governed by separate privacy notices such as Electric Ireland, ESB Networks and ESB ecars.

ESB is a diversified and vertically integrated-utility operating across the Irish and UK electricity markets from generation, through transmission and distribution to the supply of customers. For the purposes of data protection law, the Data Controller is the ESB or an ESB subsidiary company having their registered addresses at: - 27 Fitzwilliam Street Lower, Dublin 2, D02 KT92, Ireland.

Note: All personal data processed by ESB and/or ESB subsidiary companies in relation to internal stakeholders (e.g. employees or contractors) are covered by a separate privacy notice which is available internally on the HubHQ intranet site.

All data processed by ESB’s Pension Office and/or the trustees of ESB’s Pension Scheme are covered by a separate privacy notice - available here.

At ESB, we recognise the importance of protecting your personal data. We may collect and hold a range of information about you, including:
  • Personal Identifiers and Contact Details: Provided to help us contact you and verify your identity when you get in touch (e.g. name, address, telephone number, and email address).
  • Background Documentation: Requested by us on occasion when dealing with queries (e.g. proof of residence/address, marital status, and vehicle/land ownership).
  • Visitor Information and CCTV Imagery: Captured by us when you enter the vicinity or visit our offices or sites.
  • Land Registration Details: Provided to us by you or identified through land registry records (e.g. information about electricity infrastructure and communication network assets located on or near your land/property, and land registration details you have a controlling interest in).
  • Planning Permission Data: Captured by us to comply with the requirements of planning permissions associated with our electricity infrastructure and communication network assets; or captured by us on request of relevant authorities.
  • Communication Preferences: Provided to help us communicate about topics you are interested in (e.g. high river flow notifications, and project updates).
  • Interaction Records and Transcripts: Captured by us when you interact with us face-to-face or via phone, email, webchat, social media, and other mediums.
  • Voice/Video Recordings: Captured by us when you interact with us via phone or webchat where you have been advised these interactions will be subject to recording.
  • Photography and Videography: Captured by us when you attend events organised/sponsored by us; or captured by us when recording at our offices, sites, or assets. 
  • Legal Data: Provided to us by you or your legal representatives in relation to a legal dispute, query, claim or other legal matters.
  • Financial Data: Captured by us in relation to your financial transactions with us (e.g. transaction history, bank account details, credit/debit card details, and creditworthiness data).
  • Recruitment and Selection Data: Provided to us by you or recruitment agencies acting on our behalf in relation to job applications (e.g. curriculum vitae, and employment applications); or captured by us during the recruitment and selection process (e.g. reference/background checks, health/wellbeing checks, and psychometric test results).
  • Tender Responses and Service Provider Data: Provided to us by you or your employer in response to a request for tender, or in the provision of services to us (e.g. name, contact information, and skills/work experience).
  • Health and Safety Incident Data: Captured by us in relation to any health or safety incidents which occur within or in the vicinity of our offices or sites.
  • Application and Website Usage Data: Captured by us to help us understand and improve user experiences (e.g.  information about the pages you look at and how you use them, your device type, operating system, and browser type).
  • Marketing Engagement and Preferences: Captured by us to help us understand how you respond, or interact with, any direct marketing or advertising communications directed to you, including any requests for these communications to stop.
  • Special Category Data: Provided to us by you through our services, forms, or surveys (e.g. medical, or biometric data). 

We collect this personal data directly from you when you contact us in writing, by phone, email, webchat, or social media. We also collect personal data through your use of our services or interactions with us. Additionally, we may obtain personal data from external parties (e.g. recruitment agencies, credit reference agencies, and legal representatives).

We process your personal data to manage our relationships with you, provide our services and perform our statutory functions. We ensure the personal data we process is appropriate and necessary for the purposes for which it is obtained. 
The following is list of our main processing activities which involve personal data. We have categorised each activity by the most common lawful basis relied upon for that type of processing. However, the lawful basis may vary depending on the services you avail of, and your relationship with us.

We process personal data for the following purposes, in pursuit of legitimate interest: 
  • Managing Queries and Requests: Reviewing, discussing, and formulating a response to queries or requests. 
  • Talent Acquisition: Recruiting and selecting new employees.
  • Asset Development: Planning and development of electricity generation infrastructure, and communication networks.
  • Operational Asset Management: Managing the safe, secure, and reliable operation of electricity generation infrastructure, and communication networks.
  • Security and Access Management: Managing access and security of our offices, sites, other facilities, and IT systems.
  • Community Engagement: Engaging with communities; and promoting and documenting our involvement in community and corporate social responsibility projects which we sponsored or funded through the capture of imagery, personal identifiers and commentary/opinions of community group members, and publishing these on external/internal communication channels. (e.g. publications, website, and/or social media).
  • Events/Programmes: Promoting and documenting events or programmes in which we participate, organise or sponsor (e.g. Recruitment or Job Fairs, Public Information or Consultation Events, and Workshops) through the capture of imagery, personal identifiers and commentary/opinions of attendees and publishing these on external/internal communication channels. (e.g. publications, website, and/or social media).
  • Market Research: Carrying out market research, including conducting and analysing the results of research activities (e.g. surveys, focus groups, interviews) to understand the preferences and sentiment of our external stakeholders, judge the performance of our advertising/marketing campaigns, and to maintain and improve our product or service offerings.
  • Strictly Necessary Cookies: Placing essential cookies on your devices to enable you to navigate around our website and use its features. For more information on our use of strictly necessary cookies, click here.
  • Archive: Archiving artefacts which showcase the contribution of ESB Group to the social, cultural, and economic development of the Irish State.
  • Fraud/Theft Detection: Detecting and preventing fraud, theft and other crimes.
  • Shared Services: Providing shared services across the Electricity Supply Board and ESB subsidiaries.

We process personal data for the following purposes in accordance with contractual necessity and the performance of a contract:
  • Financial Management: Conducting financial transactions, preparing, and processing invoices, processing payments, monitoring payment activity, and managing debt.
  • Land Management: Managing transactions involving the purchase, lease, or sale of land and assets, and processing and managing wayleave requests and notifications.

We process personal data for the following purposes in compliance with our legal obligations:

  • Legal Matters: Handling and responding to legal queries, disputes, and claims.
  • License Management: Providing or verifying fishing/boating licenses for waters of which we are responsible. 
  • Mandatory Communications: Communicating with you about events, projects, publications, and other matters we are required to tell you about. 
  • Court and Enforcement Requests: Responding to requests from courts and enforcement authorities.
  • Rights Protection: Protecting or enforcing our rights or the rights of any third party.
  • Health and Safety Management: Ensuring the health and safety of all who visit our offices and sites including compliance with incident record keeping and reporting obligations under the Safety, Health and Welfare at Work Acts and other applicable legislation.
  • Legal and Regulatory Compliance: Meeting obligations imposed by industry regulators; other regulatory and supervisory authorities; planning authorities; and environmental protection agencies.

We process personal data for the following purposes only on receipt of your consent:
  • Advertising, Direct Marketing and Other Communications: Communicating with you about events, projects, publications, and other matters that you have requested updates on.
  • Events/Programmes: Promoting and documenting events or programmes in which we participate, organise or sponsor (e.g. ESB Science Blast) through the capture of imagery, personal identifiers and commentary/opinions of children, and publishing these on external/internal communication channels. (e.g. publications, website, and/or social media).
  • Optional Cookies: Placing functionality, performance and/or targeting and advertising cookies on your devices to enable us to improve our website, services and/or advertising campaigns. For more information on our use of optional cookies, click here.
Where we require your consent, we will explain why and provide sufficient information to allow you to make an informed decision. When we receive your consent to perform such processes, it may be withdrawn at any time by contacting us.

Where necessary, we process your personal information to safeguard your vital interests.

We may transfer your personal data with or disclose it to the following categories of third parties:

  • Agents or Suppliers: We transfer or disclose your personal data with contracted individuals or companies that provide products or services necessary for our business operations, including managing our customer relationships. We will only disclose the personal data they need to provide these products or services while ensuring they adequately protect your data.
  • Advertising and Marketing Partners: We may transfer or disclose your personal data with contracted individuals or companies to run advertising campaigns and conduct market research and analysis. 
  • Legal and Professional Advisers: We may transfer or disclose your personal data with legal and professional advisers for any reasonable business purpose, including protecting our rights.
  • Third Parties Approved by You: We will transfer or disclose your personal data to another third party if you ask us to or consent to the transfer.
  • Regulatory Authorities: We may be required to transfer or disclose your personal data to Irish or European regulatory authorities, including energy regulators, environmental protection agencies, or data protection supervisory authorities.
  • Other External Bodies: In certain circumstances, we may be legally required to transfer or disclose your personal data to external bodies, such as local authorities, government departments, or An Garda Síochána. We will only disclose the minimum amount of information necessary to satisfy our legal obligations. However, once disclosed, we cannot control how these bodies use your data.

The majority of our suppliers, partners and advisors are located and process your personal data within the European Economic Area (EEA), the United Kingdom (UK), and countries recognised as providing an adequate level of data protection by the European Commission.

However, in providing a small number of our services, we may work with suppliers, partners and advisors which are located or process personal data within third countries.

In these cases, we will only transfer the personal data necessary for them to assist us in providing our services, and ensure they adequately protect your data. When personal data is transferred to these third countries, we will ensure these transfers comply with data protection laws, providing your data with the same level of protection it receives within the EEA and UK.

Personal data collected by us will be retained for as long as necessary to fulfil the purposes for which it was collected and to protect our business and our rights. We are required to keep certain types of information for specific periods to comply with legal requirements. The length of time we retain your personal data depends on the type of information and the purpose for which it was obtained. Some examples of the duration your personal data is held within our systems are as follows: CCTV Imagery may be kept for up to 30 days from the time of capture; Recruitment and Selection data may be kept for up to two years from the time of application; and Interaction Records and Telephone Recordings may be kept for up to seven and three years (respectively) from the time the interaction occurred.

You have several rights available to you to ensure we are appropriately managing the personal data we process in relation to you. These include the rights to be Informed, access, rectification, erasure, restrict processing, data portability, and object to processing (inclusive of automated decision making and profiling). For more detailed information about all the rights available to you, some associated limitations and how to raise a rights request, please visit our Data Subject Rights page here. 

The processing of personal data by ESB Electricity Supply Board (ESB) or ESB subsidiary companies is overseen by the ESB Group, Data Protection Officer (unless otherwise stated). If you have any queries about our use of your personal data, you can find the contact details for our Data Protection Officer on this page here.

If you have an ongoing concern about our use of your personal data, you may wish to log a complaint. We would encourage you to contact our Data Protection Officer directly so they can assist you. Their contact details can be found here.

You are also entitled to contact the relevant data protection authority such as the Data Protection Commission (DPC) where your data is processed in Ireland, or the Information Commissioner’s Office (ICO) where your data is processed in United Kingdom. All such contact information is available on this webpage

 

We will occasionally update this privacy notice. This was last updated in March 2025.

Where updates represent a significant material change, we will post an announcement on our website prior to implementation, and where appropriate notify you via the contact information you have provided us.

We encourage you to periodically review this notice to be informed of how we use your data.