Regulation 31
The purposes are—
1. Promoting energy efficiency improvements (as defined in section 2 of the Energy Act 2011(1)) (“energy efficiency improvements”) in relation to buildings.
2. Conducting research into, or developing or analysing policy (or policy proposals) in relation to, the energy efficiency of buildings.
3. Conducting research into the effectiveness or impact of energy efficiency improvements.
4. Identifying geographic areas where the energy efficiency of buildings is low relative to other areas, or conducting research into the extent, causes or consequences of such lower levels of efficiency.
5. Promoting and marketing energy efficiency improvements that may be made pursuant to a green deal plan.
6. Identifying and analysing the impact of carbon emissions on the environment resulting from buildings with low levels of energy efficiency.
7. Determining whether energy efficiency improvements that may be made pursuant to a green deal plan have or have not been made in respect of a particular building or buildings.
The conditions are—
1. The authorised recipient is, until the data is deleted from the authorised recipient’s records and systems (so that the personal data is no longer accessible by any means by the authorised recipient), a data controller within the meaning of section 1(1) of the Data Protection Act 1998(2) in relation to the information disclosed.
2. The authorised recipient must not—
(a)disclose any personal data contained in or derived from data disclosed to it under regulation 31 to any other person without the consent of the person who is the subject of the data;
(b)use such personal data in order to contact an individual for the purpose of marketing or promoting products or services which do not relate to energy efficiency.
3. The authorised recipient must not make contact with any person (“the subject”) whose identity or contact details (or both) have become known to the authorised recipient from data disclosed to the authorised recipient under regulation 31 unless—
(a)the authorised recipient advises the subject, at the time contact is first made, that—
(i)their identity or contact details (or both) have been obtained from the keeper of the register under that regulation, and
(ii)the subject is entitled to refuse to receive any further communications from the authorised recipient; and
(b)the first contact with the subject is made by means of written communication (including electronic communication) only.
4. The authorised recipient must not make further contact with a person if the person has informed the authorised recipient that they do not wish to receive any further communications from the authorised recipient.
5. In paragraphs 6 and 7, “the subject” means a person whose identity or contact details (or both) have become known to the authorised recipient from data disclosed to it under regulation 31.
6. If the authorised recipient has on three separate occasions made contact with the subject and received no response from the subject within fourteen days of the third contact, the authorised recipient—
(a)must not attempt to contact the subject again; and
(b)must, as soon as reasonably practicable (and in any event within fourteen days of the receipt of a request made by or on behalf of the subject to do so), delete any personal data contained in or derived from data disclosed to the authorised recipient under regulation 31 from its records and systems (so that the personal data is no longer accessible by any means to the authorised recipient).
7. The authorised recipient must, as soon as reasonably practicable (and in any event within fourteen days of the receipt of a request made by or on behalf of the subject), delete any personal data contained in or derived from data disclosed to the authorised recipient under regulation 31 from its records and systems (so that the personal data is no longer accessible by any means by the authorised recipient) if the subject requests the authorised recipient to do so.
8. The authorised recipient must ensure that its officers and employees comply with the conditions in paragraphs 1 to 7 of this Part.
1998 c.29. Section 1(1) was amended by section 68 of and Schedule 8 to the Freedom of Information Act 2000 (c.36), and by S.I. 2004/3089. There are other amendments to section 1 of the Data Protection Act 1998 which are not relevant to these Regulations.