We’re committed to protecting and respecting your privacy.
The Data Protection Act 1998 requires every organisation that processes personal information to register with the Information Commissioner’s Office (ICO). You can view our registration on the ICO’s Register of Data Controllers.
This policy applies to information we collect about:
- online browsing data if you visit our websites, engage with our social media pages or any online advertising we do (such as via Google or LinkedIn).
- people who engage with us as part of carrying out our regulatory functions in the energy markets.
- people who make enquiries about the environmental schemes that we administer.
- people who subscribe to our online services, e.g. our RSS feeds, e-newsletters, consultation or investigation ‘notify me’ alerts, register to attend an Ofgem event or request a publication from us.
- people who email us.
- people who contact us to make information requests or complaints.
- job applicants and our current and former employees.
Information we collect about you
We collect online browsing information in a way which does not personally identify anyone. We do not capture personal information (such as your name, email address and telephone number) unless it is expressly provided by you. We will tell you when we do want to collect personal information and will explain what we intend to do with it.
Information we collect about you on our websites
We collect standard internet log information when you visit our websites, including the Internet Protocol (IP) address used to connect your computer to the internet.
We also deposit cookies to distinguish you from other users of our websites, to provide you with a good experience when you are browsing and to also help us understand visitor behaviour and improve our sites. For detailed information on the cookies we use and the purposes for which we use them, see our Cookies policy.
Information we collect from other sources
We may receive information about you if you use or follow any of our social media pages on Twitter (@ofgem and @ofgem_schemes), Facebook and LinkedIn. For more information, please see the privacy policies on Twitter, Facebook and LinkedIn.
We also work closely with third parties in their supply of services to us (for example analytics and search information providers or advertising networks), and may get information about you or your online behaviour from them.
We use Google Analytics and Google Adwords services for:
- Technical and visit information on our websites such as: download errors, response times, the date/time/length of a visit to certain pages, page interaction information (scrolling, clicks, mouse-overs), browser type and versions, visit location, referring/exit pages and operating system/platform. This information is not personally identifiable.
- Audience demographics and interest reporting. We use data from Google Adwords’ interest-based reporting (such as age, gender and interests) with Google Analytics. This information is not personally identifiable.
You can opt out of Google Analytics using this browser add-on. You can opt out of Google or LinkedIn advertising analytics or customise the adverts you see though their ad network via Google’s ad settings and LinkedIn’s ad settings.
What we use collected information for
The browsing data we collect and process is routinely recorded by most websites to help monitor performance and improve services to you. We will use the information we collect:
- to improve our websites to ensure that content is presented in the most effective way for you and the devices you use.
- to enable you to use interactive features of our online services, when you choose to do so.
- to administer our websites and for internal operations – including for data analysis, troubleshooting and testing, research and survey purposes.
- as part of our efforts to keep our websites stable and secure.
- to measure or understand the effectiveness of any advertising we do, and to serve relevant advertising to you.
We will process any personal information to facilitate the performance of Ofgem’s regulatory functions, including (but not limited to) the development of regulatory rules to protect the interests of consumers, monitoring and investigating the activities of regulated persons and other persons engaged in commercial activities relating to the energy sector, and enforcing non-compliance with regulatory rules and legislation. Any such processing may include the use of data analytics as required.
If the circumstances require, Ofgem may share personal information both internally and externally with central government departments/agencies, the Citizens Advice Service, Citizens Advice Scotland and other bodies who perform public functions (within the UK or European Union) for purposes which include:
- the detection or prevention of crime
- protecting members of the public (including in respect of financial loss) from dishonesty, malpractice, incompetence or seriously improper conduct, or the unfitness or incompetence of persons authorised to carry on any profession or other activity
- health and safety
- ensuring that competition is not prevented, restricted or distorted.
We will process any personal information to enable Ofgem to carry out its regulatory functions to administer environmental and social programmes, e.g. ECO, FIT, RHI. Any such processing may include the use of data analytics as required.
Our processing of personal information may also include the consideration and investigation of complaints, and enforcement action investigations. If the circumstances require, Ofgem may share personal information both internally and with:
- external central government departments
- devolved administrations
- police forces
- energy industry bodies.
All processing of personal information connected with the administration of the schemes may include crime prevention, combating abuse, misuse and misreporting in relation to the schemes. In some cases, this may require that personal information is processed through our data analytics software.
When you call any of Ofgem's environmental scheme telephone help lines, any processing of your personal data will be fair and transparent.
Our schemes are administered via the following sub-domains:
- Energy Companies Obligation: https://eco.ofgem.gov.uk
- Renewable Obligation (RO) / Climate Change Levy (CCL) / Combined Heat and Power (CHP) / Renewable Energy Guarantees of Origin (REGO) / Feed-in Tariff (FIT): https://renewablesandchp.ofgem.gov.uk
- Non-Domestic Renewable Heat Incentive: https://rhi.ofgem.gov.uk
You may be contacted by Ofgem or our nominated agent to participate in surveys about the delivery of our services. Participation is always voluntary.
Information you give to us
We use a third party provider, dotmailer, to deliver our various e-newsletters and to enable people to subscribe to them.
Dotmailer’s features allow us to capture personal information, such as your name and email address. You can also provide additional information such as the organisation you work for. We may use the information you give to us when subscribing to help us deliver more personalised marketing communications services, including online advertising using Google and LinkedIn advertising services. If we use the information you provide for advertising purposes, it is hashed so as not to be personally identifiable.
If you do not want to receive e-newsletters from us, you can opt out at any time via your subscription preferences or the e-newsletter you receive. For more information on our use of subscription information relative to any online advertising we may do, and how to opt-out or customise the online adverts served to you, see ‘Information we collect from other sources’ in the ‘online browsing information’ section above.
We collect email addresses via our website if a user chooses to subscribe to the ‘notify me’ alerts for when the status of an investigation or consultation changes. We hold this personal data until an investigation or consultation reaches its final decision, after which the data is deleted from our servers. We do not disclose this information to third parties.
We may use a third party provider, Eventbrite, to send event invites, register interest and confirm attendance to Ofgem stakeholder events.
Eventbrite’s features allow us to capture personal information, including your name, contact details, job role and the organisation you work for. We use this to respond directly to enquiries you may send to us about our events. We may also use supplied e-mail addresses for Ofgem marketing purposes, such as to provide you with information on other events. If you do not want to receive these updates from us, you can opt out at any time via the invitations you receive or email firstname.lastname@example.org at anytime and we will remove you from our events distribution list.
Any email sent to us, including any attachments, is monitored for malicious content. The content of your communication with us (including telephone calls) may also be monitored for training or for the purposes of a regulatory compliance investigation.
In relation to certain of the environmental programmes, we may also record some telephone calls for training and/or quality control and/ or monitoring and/or fraud prevention purposes.
When we receive an information request (e.g. under the Environmental Information Regulations 2004 or complaint from a person) or a complaint, we may generate a file. This normally contains the identity of the requester or complainant.
Ofgem will only use the personal information collected to process the matter and to check on the level of service provided. We do compile and publish statistics showing information like the number of information requests or complaints we receive, but not in a form which identifies anyone.
Personal information contained in these files will be kept in line with the Ofgem retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
As part of our external recruitment process, personal information may be shared with our nominated agent. When individuals apply to work at Ofgem, we will only use the information they supply to us to process their application and to monitor recruitment statistics.
Where we want to disclose information to any other third parties (for example where we want to take up a reference or obtain a ‘disclosure’ from either CIFAS, the Disclosure and Barring Service or Disclosure Scotland), we will not do so without informing them beforehand unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held on file for six months. After the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with Ofgem, we will compile a file relating to their employment. The information contained in this will be kept confidentially, within a secure location and will only be used for purposes directly relevant to that person’s employment. A person’s personal information may be shared with any third parties as required by their employment within the civil service, including:
- Civil Service Learning
- other government departments for the purposes of a secondment/progression through graduate recruitment training, and/or the fast stream
- pension administrators
- professional groups, e.g. Government Legal Service secretariat
- IT software providers for the purposes of sending electronic communications to staff, e.g. staff updates and surveys sent via email and app technology.
Once their employment with Ofgem has ended, we will retain the file in accordance with the requirements of our data retention policy.
Ofgem tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:
- give you a description of it
- tell you why we are holding it
- tell you who it could be disclosed to
- let you have a copy of the information in an intelligible form.
To make a request to Ofgem for any personal information we may hold or to ask us to correct any mistakes on information we may hold about you, you need to put the request in writing to:
Head of Information Management
Tel: 020 7901 7011
You can request further information from us on:
- agreements we have with other organisations for sharing information
- circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics
- our instructions to staff on how to collect, use and delete personal data
- how we check that the information we hold is accurate and up to date.
Ofgem tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
Head of Information Management
Tel: 020 7901 7011