Privacy policy

We will always explain clearly what information we’re collecting about you and why. If we ask for your information we will:

• make sure you know why we need it
• only ask for what we need
• keep it securely
• let you know if we share it with others
• only keep it for as long as we need to
• not make it available for commercial (marketing) purposes without your permission

We respect your right to make informed decisions about your information. Fair processing of information means you have control over how your information is used. You can find out more about how we can help you to do this below.

Your trust is very important to us. So we’re committed to keeping your information safe and secure. We will only use your information to improve services to you, communicate with you, and to fulfil our legal obligations as the energy regulator. 

In return, we ask you to:

• give us accurate information
• tell us as soon as possible if there are any changes such as a new address

This helps us keep your information reliable and up to date.

This privacy policy tells you what to expect when Ofgem collects your personal information. It applies to information we collect about: 

• visitors to our website or social media channels
• people who engage with any online advertising we do (such as through Google or LinkedIn)
• people who engage with Ofgem as part of carrying out our regulatory and NIS competent authority functions in the energy markets
• people who make enquiries about and applications to any environmental schemes that Ofgem administers
• people who subscribe to our online services eg, our RSS feeds, e-newsletters, social media channels, email alerts or request a publication from us
• people who email Ofgem
• people who contact us in relation to information requests, complaints and general enquiries
• job applicants and our current and former employees.

The Controller for the processing of any personal information as outlined in this privacy policy is the Gas and Electricity Markets Authority, (GEMA). For ease of reference this privacy policy refers to the administrative office of GEMA, ‘Ofgem’ and  ‘we’ ‘us’ and ‘our’ throughout. 

Ofgem’s registration with the Office of the Information Commissioner can be accessed via: Office of the Information Commissioner: Controllers

Any information you provide will not be transferred outside the European Economic Area. Where we use cloud processing to support our data processing, the servers are located within the European Economic Area.

You can read about how we collect and process information across our digital channels in our website and digital channels privacy notice.

Our Cookies policy lists the cookies we use when you visit our website. It also explains your choices on their use.

Some Ofgem schemes need cookie files to be stored on an applicant or participant’s computer to work correctly and securely. Please check the terms and conditions when you register with a scheme for further details.

We will process your personal information in order to perform our regulatory and NIS competent authority functions, including (but not limited to) the development of rules to protect the interests of consumers, monitoring and investigating the activities of regulated persons and others engaged in commercial activities relating to the energy sector, and enforcing non-compliance with regulatory rules and legislation. This processing will include the use of data analytics as required. 

Ofgem may share personal information with central government departments/agencies, the Citizen Advice Service, Citizens Advice Scotland and other bodies which perform public functions (within the UK or European Union) for purposes which include:

• the detection or prevention of crime;
• protecting members of the public (including in respect of financial loss) from dishonesty, malpractice, incompetence or seriously improper conduct, or the unfitness or incompetence of persons authorised to carry on any profession or other activity;
• health and safety; and
• ensuring that competition is not prevented, restricted or distorted.

We will process your personal information to enable us to administer our environmental schemes, namely; 

Climate Change Levy (CCL)
Domestic Renewable Heat Incentive (DRHI)
Energy Companies Obligation (ECO)
Feed-in Tariff (FIT)
Non-Domestic Renewable Heat Incentive (NDRHI)
Non-Fossil Fuel Obligation (NFFO)
Northern Ireland Renewable Heat Incentive (NI RHI)
Northern Ireland Renewable Obligation (NI RO)
Offtaker of Last Resort (OLR)
Renewable Energy Guarantees of Origin (REGO)
Renewable Obligation (RO)
Smart Export Guarantee (SEG)

BEIS has named Ofgem as the intended administrator for two new schemes: the Green Gas Support Scheme and the Clean Heat Grant. As part of establishing these schemes, we will process personal information for the purposes of carrying out consumer research.

This may include the use of data analytics. 

Processing your information may include the consideration and investigation of complaints, and enforcement action investigations. If the circumstances require, we may share your personal information with:

• external central government departments
• devolved administrations
• agencies
• police forces
• licensees
• energy industry bodies.

Personal information processed as part of the administration of the schemes, may include crime prevention, combating abuse, and misuse and misreporting in relation to the schemes. We may also use your personal information to inform you about, or provide you with literature or services about our schemes. In some cases, this may include the use of data analytics. 

Fair and transparent processing of your information applies when you call any of our scheme help lines.

Please see below Privacy notices for the Environmental and social programmes Ofgem administers:

• Renewable Electricity schemes
• Non-Domestic Renewable Heat Incentive scheme
• Domestic Renewable Heat Incentive scheme
• Northern Ireland Renewable Heat Incentive scheme 
• Energy Companies Obligation scheme

Any emails we receive, including any attachments, are monitored for malicious content. The content of communications with us (including telephone calls) may also be monitored for training or for the purposes of a regulatory compliance investigation.
Some of our environmental schemes may also record some telephone calls for training, quality control, monitoring and fraud prevention purposes.   

When we receive a Freedom of Information or other information request (e.g. Environmental Information Regulations 2004) or a complaint from you, we may generate a file. This normally contains the identity of the requester or complainant.

We will only use your personal information to process the request and to check on the level of service provided. We compile and publish statistics about the number of information requests or complaints we receive, but not in a form which would identify you.

Personal information contained in these files is retained in a secure environment and access is restricted to Ofgem employees.

Personal information relating to Information requests and complaints to Ofgem is deleted when it may no longer have relevance for investigations and enforcement action. As such, it is not kept for longer than five years.

When you apply to work for us, we will only use the information you give us to process your application and to monitor recruitment statistics. As part of our external recruitment process, your personal information may be shared with nominated agents.

Where we disclose information to any other third parties, (for example where we want to take up a reference or obtain a ‘disclosure’ from either CIFAS, the Disclosure and Barring Service or Disclosure Scotland), we will not do so without telling you first, unless the disclosure is required by law. 

Personal information about unsuccessful candidates will be held on file for 6 months after the recruitment exercise has been finished, it will then be destroyed or deleted. We retain anonymized statistical information about applicants to inform our recruitment activities, but no individuals can be identified from that data.

When you work for us, we will compile a file relating to your employment. The information contained in this will be kept in a secure location and will only be used for purposes directly relevant to your employment.  Your information may be shared with third parties within the civil service, including:

• Civil Service Learning
• HMRC
• other government departments for the purposes of a secondment/progression through graduate recruitment training, and/or the fast stream
• pension administrators
• professional groups, e.g. Government Legal Service secretariat.  

Once your employment with us has ended, we will keep your file until it is no longer needed. It may be kept for pay, pensions, health and safety, medical and other employment reasons and potentially for up to 20 years depending on your age when you leave Ofgem.

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

We try to be as open as we can be in terms of giving you access to your personal information. You can find out if we hold any personal information about you by making a ‘subject access request’ (SAR) under the General Data Protection Regulation If we do hold information about you we will:

• give you a description of it;
• tell you why we are holding it;
• tell you who it could be disclosed to; and
• let you have a copy of the information in an intelligible form.

If we hold information about you, you have the right to:

• Be informed about the data information we hold about you,
• Access the information we hold about you,
• Have your personal information corrected if it is incomplete or inaccurate,
• Ask us to restrict how we process your information,
• Object to certain ways we use your information, and
• In some circumstances, you may have a right to object to Ofgem processing your information.

To see the full suite of new consumer rights available to you under GDPR, please refer to the ICO website.

You can also get information about:

• agreements we have with other organisations for sharing information
• circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics
• our instructions to staff on how to collect, use and delete personal data
• how we check that the information we hold is accurate and up to date.

If you would like to:

• make an FOI or EIR request please refer to Freedom of Information section. 
• make a complaint about Ofgem please refer to Complaints about Ofgem section.
• make a Subject Access Request please refer to Subject Access Request section.
• exercise any of your rights and/or request information about our privacy policy please contact our Data Protection Officer by email on dpo@ofgem.gov.uk or alternatively write to us at: 

The Data Protection Officer
Ofgem
10 South Colonnade
Canary Wharf
London 
E14 4PU

You have a right to complain to the Information Commissioner

If you want to complain about how we have handled your information you can report it direct to the Information Commissioner’s Office at the following address:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113

Online: Live chat

This privacy policy does not cover the links within this site linking to other websites. We keep our privacy policy under regular review. This privacy policy was last updated on 14 April 2021.