Privacy notice

Mae’r dudalen yma ar gael yn Gymraeg.

How we use your information

This privacy notice tells you what to expect when Ofgem collects personal information. It applies to information we collect about:

  • visitors to our websites;
  • people who use our services, e.g. who subscribe to our RSS feeds, e-newsletters and email alerts or request a publication from us;
  • people who email Ofgem;
  • people who engage with Ofgem as part of carrying out our regulatory functions in the energy markets;
  • people who make inquiries about the environmental schemes that Ofgem administers;
  • people who contacts us in relation to information requests, complaints and general queries;
  • job applicants and our current and former employees.

The data controller for this website and the processing of any personal data as outlined in this privacy notice is the Gas and Electricity Markets Authority, (GEMA). For ease of reference this privacy notice refers to the administrative office of GEMA, “Ofgem” throughout.

Ofgem’s registration with the Office of the Information Commissioner can be accessed via: Office of the Information Commissioner: Register of Data Controllers

Visitors to our website

When someone visits, we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those who visit our website.

If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Regulatory functions

We will process any personal information in order to facilitate the performance of Ofgem’s regulatory functions, including (but not limited to) the development of regulatory rules to protect the interests of consumers, monitoring and investigating the activities of regulated persons and other persons engaged in commercial activities relating to the energy sector, and enforcing non-compliance with regulatory rules and legislation. Any such processing may include the use of data analytics as required. 

If the circumstances require, Ofgem may share personal information both internally and externally with central government departments/agencies, the Citizen Advice Service, Citizens Advice Scotland and other bodies which perform public functions (within the UK or European Union) for purposes which include:

  • the detection or prevention of crime;
  • protecting members of the public (including in respect of financial loss) from dishonesty, malpractice, incompetence or seriously improper conduct, or the unfitness or incompetence of persons authorised to carry on any profession or other activity;
  • health and safety;
  • ensuring that competition is not prevented, restricted or distorted.

Environmental and social programmes

Including privacy policies for the Domestic RHI

We will process any personal information so as to enable Ofgem to carry out its regulatory functions to administer the environmental and social programmes , e.g. ECO, FIT, RHI. Any such processing may include the use of data analytics as required. 

Our processing of personal information  may also include the consideration and investigation of complaints, and enforcement action investigations.  If the circumstances require, Ofgem may share personal information both internally and with:

  • external central government departments;
  • devolved administrations;
  • agencies;
  • police forces;
  • licensees;
  • energy industry bodies

All processing of personal information connected with the administration of the schemes, may include crime prevention, and combating abuse, misuse and misreporting in relation to the schemes.  In some cases, this may require that personal information is processed through our data analytics software. 

There is an additional privacy policy for the Domestic Renewable Heat Incentive (Domestic RHI): Domestic RHI privacy policy.

When you call any of Ofgem's environmental scheme telephone help lines, any processing of your personal data will be fair and transparent.

Our schemes are administered via the following sub-domains:

You may be contacted by Ofgem or our nominated agent in order to participate in surveys about the delivery of our services (participation is always voluntary).

Our use of cookies

You can read more about how we use cookies on our Cookies policy page.

Some Ofgem schemes require cookie files to be stored on the applicant’s computer in order to function correctly and securely. Please check the terms and conditions when you register with a scheme for further details.

Search engine

Our website search is powered by Solr.  We use Google Analytics to monitor search activity. For more information, including how to opt out, please see our Cookies Policy.

RSS feeds/E-newsletters

We use a third party provider, dotmailer, to deliver our various e-newsletters. We gather statistics around email opening and clicks using industry standard technologies such as embedded images and tracking codes on links to help us monitor and improve our communications.  For more information, please see dotmailer’s privacy policy.

We do not track usage of RSS feeds.

Contacting Ofgem

Any email sent to us, including any attachments, is monitored for malicious content. The content of your communication with us (including telephone calls) may also be monitored for training or for the purposes of a regulatory compliance investigation.

In relation to certain of the environmental programmes, we may also record some telephone calls for training and/or quality control and/ or monitoring and/or fraud prevention purposes.   

People who contact us

When we receive an information request (e.g. under the Environmental Information Regulations 2004 or complaint from a person), we may generate a file. This normally contains the identity of the requester or complainant or requester.

Ofgem will only use the personal information collected to process the matter and to check on the level of service provided. We do compile and publish statistics showing information like the number of information requests or complaints we receive, but not in a form which identifies anyone.

Personal information contained in these files will be kept in line with the Ofgem retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

Job applicants, current and former Ofgem employees

As part of our external recruitment process, personal information may be shared with our nominated agent. When individuals apply to work at Ofgem, we will only use the information they supply to us to process their application and to monitor recruitment statistics. 

Where we want to disclose information to any other third parties, (for example where we want to take up a reference or obtain a ‘disclosure’ from either CIFAS, the Disclosure and Barring Service or Disclosure Scotland), we will not do so without informing them beforehand unless the disclosure is required by law. 

Personal information about unsuccessful candidates will be held on file for 6 months. After the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

Once a person has taken up employment with Ofgem, we will compile a file relating to their employment. The information contained in this will be kept confidentially, within a secure location and will only be used for purposes directly relevant to that person’s employment.  A person’s personal information may be shared with any third parties as required by their employment within the civil service, including:

  • Civil Service Learning;
  • HMRC; 
  • other government departments for the purposes of a secondment/progression through graduate recruitment training, and/or the fast stream;
  • pension administrators;
  • professional groups, e.g. Government Legal Service secretariat;
  • IT software providers for the purposes of sending electronic communications to staff, e.g. staff updates and surveys sent via email and app technology.

Once their employment with Ofgem has ended, we will retain the file in accordance with the requirements of our data retention policy.

Complaints or queries

Ofgem tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Ofgem’s’ collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.

Access to personal information

Ofgem tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.

To make a request to Ofgem for any personal information we may hold you need to put the request in writing addressing it to the Head of Information Management, or writing to the address provided below.

If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting the Head of Information Management.

Disclosure of personal information

You can also get further information on:

  • agreements we have with other organisations for sharing information;
  • circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics;
  • our instructions to staff on how to collect, use and delete personal data; and
  • how we check that the information we hold is accurate and up to date.

How to contact us

If you want to request information about our privacy policy you can email us or write to:

Head of Information Management
9 Millbank

Tel: 020 7901 7011


Changes to this privacy notice

This privacy notice does not cover the links within this site linking to other websites.

We keep our privacy notice under regular review. This privacy notice was last updated on 30 January 2017.