UK GDPR and Data Protection Act 2018
Effective Date: 5 March 2026
Version: Draft v1.2
This notice explains how PSOS processes personal data for users of the app, website, portals and related services.
1 Definitions and Acronyms
1.1 Defined Terms
In this pack, unless the context requires otherwise:
- Admin Portal means PSOS internal administrative interface used by authorised PSOS personnel.
- Callout means an emergency service request raised in the platform by a Site Manager.
- Callout Request means the dispatch request sent to a selected Responder before acceptance.
- Customer means an organisation that owns, operates, leases or manages one or more Sites containing HV assets.
- Dynamic Rate Charging means calculation of charges by the applicable rate band in force at each charging interval, including where a callout crosses rate periods.
- Equipment means a unique equipment record used in the platform data model and associated with one or more substations.
- Independent Responder means a self-employed Responder not acting as an employee or contractor of a Partner for the relevant callout.
- Management Portal means the web or app interface used by authorised account managers of Customers and Partners.
- Membership means paid access to platform functionality, separate from variable callout and materials charges.
- Partner means a company that employs or engages Responders and is onboarded to PSOS.
- Platform means the PSOS mobile app, management portal, APIs and related systems.
- Pre-authorisation Hold means a temporary payment hold placed at callout creation based on estimated callout value.
- Responder means a suitably qualified high-voltage engineer (including SAP, AP, AE, CE or equivalent) available for dispatch through the platform.
- Site means a physical location belonging to a Customer containing one or more substations and other relevant assets.
- Site Manager means a Customer-authorised individual able to create and manage callouts.
- Supplier means a party supplying goods, parts, consumables or related support services connected with callout delivery.
- Substation means a physical structure housing high-voltage equipment, including transformers, switches and associated components.
- Third-Party Provider means an external provider used to support functions such as payment, maps, notifications, analytics, real-time and identity validation.
1.2 Acronyms
- AE: Authorising Engineer Role/competence category.
- AP: Authorised Person Role/competence category.
- CE: Commissioning Engineer Role/competence category.
- CIS: Construction Industry Scheme Tax and withholding regime where applicable.
- DIN: Dangerous Incident Notice Operational incident notification category.
- GDPR: UK General Data Protection Regulation Read with Data Protection Act 2018.
- HV: High Voltage Industrial power infrastructure context.
- KYC: Know Your Customer Identity and verification processes.
- SAP: Senior Authorised Person Role/competence category.
- SLA: Service Level Agreement Performance and quality commitments.
- SOP: Suspension of Operational Process Operational process/safety notification category.
1.3 Interpretation
- References to legislation include amendments and replacement legislation in force from time to time.
- Words in the singular include the plural and vice versa.
- Headings are for convenience and do not affect interpretation.
- References to "including" or "includes" mean "including without limitation".
2 Privacy Notice (UK GDPR and Data Protection Act 2018)
2.1 Who We Are
For the purposes of this notice, PSOS is the data controller for personal data processed through the Platform, except where this notice or a separate data processing addendum states otherwise. Privacy contact details:
- Privacy requests email: info@powersos.co.uk
- Postal contact address: Unit 2a Oldfields Court Galveston Grove, Fenton, Stoke-On-Trent, Staffordshire, England, ST4 3PE
- General support contact: info@powersos.co.uk
2.2 Scope
This notice applies to personal data processed in connection with:
- platform accounts and authentication;
- emergency callout operation and communications;
- payment operations and fraud controls;
- qualification verification and trust/safety workflows;
- support, analytics, service improvement and legal compliance.
2.3 Cookies and Similar Technologies
Where PSOS operates a website or web-based portal, it may use cookies and similar technologies (including pixels and SDK-like technologies) to operate services, remember preferences, improve performance, and measure usage. Where required by law, PSOS will obtain consent for non-essential cookies/technologies. Users can usually manage cookies through browser settings and, where available, PSOS preference tools.
2.4 Categories of Personal Data
- Identity and profile data: Name, role, profile photo, employer/partner affiliation, user ID, account identifiers.
- Contact data: Email address, phone number, emergency contact details, business name and address, correspondence details.
- Professional and competency data: Qualifications, training status, memberships, accreditation, role type (for example SAP/AP/AE/CE), security clearance status.
- Operational callout data: Site association, callout logs, timestamps, responder assignment, work summaries, customer sign-off records.
- Site and asset context data: Site address(es), substation and equipment context, safety notes, incident descriptors and uploaded supporting records.
- Payment and transaction data: Payment tokens, billing references, invoice data, pre-authorisation and capture events, dispute records.
- Location and telemetry data: Online status and location during dispatch-enabled periods, ETA and route information.
- Communications data: In-app chat messages and associated metadata during active callouts, then read-only archive.
- Device and technical data: Device identifiers, operating system, app events, network and log data, analytics event data.
- Compliance and verification data: KYC checks, fraud/risk flags, sanction screening results where required, qualification validation outcomes.
2.5 Special Category and Sensitive Data
2.5.1 PSOS does not intentionally process special category data unless operationally necessary or unavoidable and where lawful.
2.5.2 Where information indicating health, union membership or similar special category data is inadvertently included in uploaded records, processing is restricted and handled in compliance with Article 9 UK GDPR conditions where required.
2.6 Sources of Data
PSOS receives data from:
- users and organisations directly;
- callout participants (Customer, Partner, Responder, Supplier);
- Third-Party Providers (for example payment, maps, identity verification, analytics and messaging services);
- public or regulatory datasets where legally permissible.
2.7 How We Use Data and Legal Bases
PSOS processes personal data under one or more lawful bases:
2.7.1 Contract: account operation, dispatch workflows, payments, support and dispute handling.
2.7.2 Legitimate interests: service reliability, safety controls, fraud prevention, quality monitoring, analytics and product improvement.
2.7.3 Legal obligation: tax, accounting, legal reporting, compliance and law-enforcement cooperation where required.
2.7.4 Consent: limited contexts where consent is required by law (for example optional marketing preferences or device-level permissions not strictly necessary for service delivery).
2.8 Marketing
2.8.1 PSOS may send service communications required for account and callout operation.
2.8.2 Where PSOS sends direct marketing, it will do so in accordance with applicable law and, where required, with consent.
2.8.3 Users can opt out of marketing communications at any time.
2.9 Role-Based Sharing Model
2.9.1 Customer data may be shared with selected Partners, Responders and Suppliers where necessary for analysis of callout performance.
2.9.2 Customer data is not shared with other unrelated Customers.
2.9.3 Partner and Responder data may be shared with Customers for dispatch, identity, trust and safety purposes.
2.9.4 Supplier data may be shared as needed for fulfilment and audit.
2.10 Third-Party Processors and Integrations
2.10.1 PSOS may use Third-Party Providers including payment processors, cloud infrastructure providers, maps/navigation providers, push-notification platforms, chat/real-time infrastructure, analytics providers and industry verification partners.
2.10.2 Provider choices may change over time.
2.10.3 Where required, data processing agreements and transfer safeguards are implemented.
2.11 International Data Transfers
Where personal data is transferred outside the UK, PSOS uses lawful safeguards, such as adequacy regulations, UK international data transfer addendum mechanisms, or other permitted safeguards, current at the time of transfer.
2.12 Retention and Deletion
2.12.1 Data is retained only as long as necessary for contractual, operational, safety, legal and audit purposes.
2.12.2 Users may request deletion of deletable personal data from PSOS systems and connected providers where technically possible and legally feasible.
2.12.3 Deletion of profile data does not necessarily remove transactional records, callout logs, legal evidence records or data required for compliance and dispute resolution.
2.13 Data Subject Rights
2.13.1 Data subjects may exercise applicable UK GDPR rights, including but not limited to:
- access;
- rectification;
- erasure;
- restriction of processing;
- portability;
- objection to processing based on legitimate interests;
- rights concerning automated decision making where applicable.
2.13.2 PSOS will verify identity before actioning requests and respond within statutory timelines.
2.14 Chat Data Rights
2.14.1 Where enabled, in-app, chat records may be downloaded or erased by authorised users.
2.14.2 Legal hold, safety investigation or compliance obligations may require restricted retention regardless of user deletion request.
2.15a Security Measures
PSOS applies technical and organisational controls proportionate to risk, including access control, encryption in transit where practicable, audit logging, environment segregation, vulnerability management and incident response procedures.
2.15b Personal Data Breaches
In accordance with UK GDPR and ICO requirements PSOS will from time to time assess and notify the relevant parties of personal data breaches. Where appropriate, affected parties will be informed of such assessment without undue delay.
2.16 Automated Decision Support
PSOS may use automated signals (for example dispatch ranking, fraud indicators and reliability scoring) to support decision making. Final operational decisions may include human review.
2.17 Complaints
2.18.1 Data subjects may contact PSOS first to resolve concerns.
2.18.2 Data subjects also have the right to complain to the Information Commissioner's Office (ICO).
2.18 Role-Specific Privacy Addendum: Customers
2.19.1 Customer organisations must ensure they have lawful authority to provide the personal data required by PSOS relating to Site Managers and other staff.
2.19.2 Customer must keep site and safety information current and accurate.
2.19 Role-Specific Privacy Addendum: Partners and Responders
2.20.1 Responders acknowledge that location data may be processed while online and dispatch-enabled.
2.20.2 Qualification, competency and identity data are processed for safety, trust and legal compliance.
2.20 Role-Specific Privacy Addendum: Suppliers
Supplier contact and performance data are processed for onboarding, fulfilment, compliance and quality management purposes.
2.21 Changes to This Notice
PSOS may update this notice from time to time. Material changes will be notified through in-app prompts, portal notices, or email.
