Ofgem privacy policy

This privacy policy applies to information we collect about: 

• visitors to our website or social media channels
• people who engage with any online advertising we do (such as through Google or LinkedIn)
• people who engage with Ofgem directly or via a third party (such as a consumer group) as part of carrying out our regulatory (including REMIT) and NIS competent authority functions in the energy markets
• people who engage with Ofgem directly or via a third party (such as a consumer group) as part of carrying out our regulatory and NIS competent authority functions in the energy markets
• people who make enquiries about and applications to any environmental schemes that Ofgem administers
• people who subscribe to our online services eg, our RSS feeds, e-newsletters, social media channels, email alerts or request a publication from us
• people who email Ofgem
• people who contact us in relation to information requests, complaints and general enquiries
• job applicants and our current and former employees.

The Controller for the processing of any personal information as outlined in this privacy policy is the Gas and Electricity Markets Authority, (GEMA). For ease of reference this privacy policy refers to the administrative office of GEMA, ‘Ofgem’ and  ‘we’ ‘us’ and ‘our’ throughout.

Ofgem’s registration with the Office of the Information Commissioner can be accessed via: Office of the Information Commissioner: Controllers

Any information you provide will not be transferred outside the European Economic Area. Where we use cloud processing to support our data processing, the servers are located within the European Economic Area.

We collect and process your personal data where we are required to by law, because it's necessary to carry out our public functions and powers, because it is carried out in the public interest or in some cases necessary for the purposes of the legitimate interests of Ofgem. Where this is the case we do not need your consent. We may in some instances ask for your consent, but only where you have a genuine choice, such as where we are seeking your views as part of a consultation.

Where necessary, we also process criminal offence and special category data in line with our obligations under the DPA 2018 and UK GDPR.

Emails and telephone calls

Any emails we receive, including any attachments, are monitored for malicious content. The content of communications with us (including telephone calls) may also be monitored for training or for the purposes of a regulatory compliance investigation.

Some of our environmental schemes may also record some telephone calls for training, quality control, monitoring and fraud prevention purposes.

Job applicants, current and former employees

When you apply to work for us, we will only use the information you give us to process your application and to monitor recruitment statistics. As part of our external recruitment process, your personal information may be shared with nominated agents.

Where we disclose information to any other third parties, (for example where we want to take up a reference or obtain a ‘disclosure’ from either CIFAS, the Disclosure and Barring Service or Disclosure Scotland), we will not do so without telling you first, unless the disclosure is required by law. 

Personal information about unsuccessful candidates will be held on file for six months after the recruitment exercise has been finished, it will then be destroyed or deleted. We retain anonymised statistical information about applicants to inform our recruitment activities, but no individuals can be identified from that data.

When you work for us, we will compile a file relating to your employment. The information contained in this will be kept in a secure location and will only be used for purposes directly relevant to your employment. Your information may be shared with third parties within the civil service, including:

• Civil Service Learning
• HMRC
• other government departments for the purposes of a secondment/progression through graduate recruitment training, and/or the fast stream
• pension administrators
• professional groups, e.g. Government Legal Service secretariat.  

Once your employment with us has ended, we will keep your file until it is no longer needed. It may be kept for pay, pensions, health and safety, medical and other employment reasons, and potentially for up to 20 years depending on your age when you leave Ofgem.

If we hold information about you, you have the right to:

• be informed about the data information we hold about you
• access the information we hold about you
• have your personal information corrected if it is incomplete or inaccurate,
• ask us to restrict how we process your information
• object to certain ways we use your information
• in some circumstances, you may have a right to object to Ofgem processing your information.

To see the full suite of new consumer rights available to you under GDPR, please refer to the ICO website.

You can find out if we hold any personal information about you by making a ‘subject access request’ (SAR) under the General Data Protection Regulation. If we do hold information about you we will:

• give you a description of it
• tell you why we are holding it
• tell you who it could be disclosed to
• let you have a copy of the information in an intelligible form.

You can also get information about:

• agreements we have with other organisations for sharing information
• circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics
• our instructions to staff on how to collect, use and delete personal data
• how we check that the information we hold is accurate and up to date.

When we receive a Freedom of Information or other information request (e.g. Environmental Information Regulations 2004) or a complaint from you, we may generate a file. This normally contains the identity of the requester or complainant.

We will only use your personal information to process the request and to check on the level of service provided. We compile and publish statistics about the number of information requests or complaints we receive, but not in a form which would identify you.

Personal information contained in these files is retained in a secure environment and access is restricted to Ofgem employees. 

Personal information relating to Information requests and complaints to Ofgem is deleted when it may no longer have relevance for investigations and enforcement action. As such, it is not kept for longer than 5 years.

Material featured on this website is subject to Crown copyright protection unless otherwise indicated. You may use Crown copyright information (not including logos) free of charge in any format or medium, under the terms of the Open Government Licence.

The permission to reproduce Crown copyright material does not extend to any material on this website that is identified as being the copyright of a third party. Authorisation to reproduce such material would need to be obtained from the copyright holders concerned.

Hyperlinking & sharing

Users are free to embed video features from and establish hypertext links to this website.

We are not responsible for the content or reliability of third party websites to which we link. Listing should not be taken as endorsement of any kind. We cannot guarantee these links will work all the time and we have no control over the availability of linked pages.

We collect and process personal information when you visit Ofgem’s digital channels. This includes our:

• website – Ofgem.gov.uk
• e-newsletters and subscription-based ‘notify me’ alerts
• events registration

It also covers information we may collect from other online sources such as analytics and search information providers or advertising networks in their supply of services to us.

Website and advertising analytics

We work closely with third parties in their supply of services to us (for example analytics and search information providers or advertising networks) and will get information about you or your online behaviour from them.

We use Google Analytics, Google Tag Manager and Google Signals services for:

• Technical and visit information on our websites such as: download errors, response times, the date/time/length of a visit to certain pages, page interaction information (scrolling, clicks, mouse-overs), browser type and versions, visit location, referring/exit pages and operating system/platform. This information is not personally identifiable.
• Audience demographics and interest reporting. We use data from Google Signals interest-based reporting (such as age, gender and interests) with Google Analytics. This information is not personally identifiable.

You can control your privacy settings for Google products on their Privacy Checkup page. You can opt out of Google Analytics using this browser add-on. You can opt out of Google advertising analytics or customise the adverts you see though their ad network via Google’s ad settings. The data we collect through Google Signals is retained for 26 months, after which it is deleted.

We use Hotjar, a third party web analytics and surveying provider, to record visitor interactions (such as mouse clicks, mouse movement and scroll activity on our websites) and survey website visitors. Hotjar also collects information such as browser type & version, country, device used, operating system and date/time of visit. See the Hotjar privacy policy for more information.

Information collected directly

Online browsing information

When you visit our website a cookie message will appear in the middle of the page asking you to agree with the default cookie settings or review your settings. In keeping with ICO requirements, you will not be able to browse the website until you have made a decision. If you change, your mind about the decision you have made you can always change your settings again by clicking on the cog in the bottom left hand side of the web page.

We collect standard internet log information when you visit our websites, including the Internet Protocol (IP) address used to connect your computer to the internet. We collect online browsing information in a way which does not personally identify anyone. We do not capture personal information (such as your name, email address and telephone number) unless it is expressly provided by you.

We also deposit cookies to distinguish you from other users of our websites, to provide you with a good experience when you are browsing and to also help us understand visitor behaviour and improve our sites. For detailed information on the cookies we use and the purposes for which we use them, see our Cookies policy.

E-newsletter subscription information

We use a third party provider, Dotdigital, to deliver our various e-newsletters and to enable people to subscribe to them.

Dotdigital’s features allow us to capture personal information, such as your name and email address. You can also provide additional information such as the organisation you work for. We may use the information you give to us when subscribing to help us deliver more personalised marketing communications services.

If you do not want to receive e-newsletters from us, you can opt out at any time via your subscription preferences or the e-newsletter you receive. For more information on our use of subscription information relative to any online advertising we may do, and how to opt-out or customise the online adverts served to you, see the ‘website analytics and advertising’ section above.

We gather statistics on email opens, clicks and click-through streams using industry standard technologies such as embedded images and tracking codes on links. We use this information to help us monitor and improve our communications. Read Dotdigital’s article - Understand open tracking and link tracking.

See Dotdigital’s privacy policy for further information.

Investigation and consultation ‘notify me’ alert subscriptions 

We use the GOV.UK Notify Service if a user chooses to subscribe to the ‘notify me’ alerts for when the status of an investigation or consultation changes. For more information, see the GOV.UK Notify privacy notice.

Consultations and calls for input

We use Citizen Space, a third-party digital engagement platform to collect responses to consultations and calls for input.

Read how we consult and how collected information is used on the about page on Citizen Space.

Cookies must be enabled while on the platform so that responses can be collected. Read more information about cookies in the Citizen Space Cookie Policy.

Website surveys

We use SurveyMonkey, a third party survey provider, to capture response data on requests for Ofgem staff to speak at external events For more information, see the SurveyMonkey privacy policy.

On select pages you may see a short form asking if you have found the page useful. The information provided is stored in our content management system and is used to help us identify areas we can improve. We do not require or store any personal information through this process.

Online event invites and registration

We may use a third party provider, Eventbrite, to send event invites, register interest and confirm attendance to Ofgem stakeholder events.

Eventbrite’s features allow us to capture personal information, including your name, contact details, job role and the organisation you work for. We use this to respond directly to enquiries you may send to us about our events. We may also use supplied e-mail addresses for Ofgem marketing purposes, such as to provide you with information on other events. If you do not want to receive these updates from us, you can opt out at any time via the invitations you receive or email stakeholders@ofgem.gov.uk at any time and we will remove you from our events distribution list.

We collect statistics about event invite engagement, such as clicks, opens and response rates. For more information, please see Eventbrite’s privacy policy.

Why we need to collect and process your information 

The browsing data we collect and process is routinely recorded by most websites to help monitor performance and improve services to you. We will use the information we collect:

• to improve our websites to ensure that content is presented in the most effective way for you and the devices you use.
• to enable you to use interactive features of our online services, when you choose to do so.
• to administer our websites and for internal operations – including for data analysis, troubleshooting and testing, research and survey purposes.
• as part of our efforts to keep our websites stable and secure.
• to measure or understand the effectiveness of any advertising we do, and to serve relevant advertising to you.

View our Cookies policy for information on what we do and how we use them.

Ofgem social media channels 

Twitter (currently known as X)

Our Twitter channel @Ofgem operates to speak to consumers about issues directly relevant to them.

We will respond to customer questions sent to @ofgem from @ofgem as appropriate.

We may follow you on Twitter – being followed by us does not imply endorsement of any kind.

LinkedIn

We run one LinkedIn company page for Ofgem as a whole.

We use it to post news updates and opinion pieces relevant to our work in the energy sector and protecting consumers, and to share information about Ofgem as a place to work.

Facebook

We run a Facebook page to connect and share news with consumers in our sector.

Instagram

We run an Instagram page to connect and share news with consumers in our sector.

NextDoor

We run a NextDoor page to connect and share news with consumers in our sector.

Interacting on social media

The Ofgem communications team moderate our channels from Monday to Friday during office hours.

We make no commitment to respond to every single individual comment, post or tweet on any platform, and cannot engage on issues of party politics.

Being ‘liked’ or retweeted by one of our social media channels does not imply endorsement of any kind.

We accept no responsibility for the Twitter, Facebook, LinkedIn, Instagram and NextDoor sites' commenting function being unavailable.

We will abide by the Terms of Use set by each social media platform.

Participation and moderation guidelines

We are keen to use our social media channels to engage with the public. However, when posting comments, please observe our participation guidelines:

• be respectful of others who use the platform.
• stay on topic.
• keep comments concise.
• do not spam the comments board. Spamming is when you resubmit the same or similar comment across our social media posts multiple times.
• do not use language that is offensive, inflammatory or provocative (this includes, but is not limited to, comments that use language that is threatening, racist, sexist, homophobic, obscene or offensive - such as swearing).
• do not break the law (this includes libel, condoning illegal activity and contempt of court).
• do not use the platform for party political purposes or post information that could break election or referendum rules. Ofgem is funded by supplier licence fees and with public money, so it's inappropriate to engage in party-political activity.
• please do not post personal information in comments such as addresses, phone numbers, e-mail addresses or other online contact details, which may relate to you or other individuals.
• do not impersonate or falsely claim to represent a person or an organisation.
• do not attempt to log on using another user’s account.
• do not make any commercial endorsement or promotion of any product, service or publication. 
• do not post unsuitable links. Unsuitable links include those that may initiate an immediate file download, or that contravene the guidelines listed above.  
• if you are aged 16 or under, please get the permission of your parent or guardian before participating. Users without this consent are not allowed to participate.

Comments will be reviewed as necessary to check they comply with the participation guidelines. If we consider behaviours or actions consistently do not comply, we will take action to moderate, restrict or ultimately block the user's contact with the Ofgem community on the platform. In cases of blocking, we will contact the individual explaining why the behaviour is unacceptable and that their behaviour must change for future engagement on the platform. Appeals can be made following the guidelines on the Complaints about Ofgem page.

We don't consider behaviour as being unacceptable just because a person is determined or forceful. If there is a legitimate request for information within our remit in the comment, it is reasonable to provide that information. If no legitimate request for information is included, we will not respond. 

We operate a zero tolerance policy to aggressive or abusive conduct. This includes, but is not limited to, use of language that is threatening, racist, sexist, homophobic, or offensive - such as swearing. All incidents of blocked contact due to unreasonable conduct are recorded. 

On all social media platforms we use, we will delete:

• abusive, racist, sexist, homophobic or inflammatory comments
• nuisance comments considered to be spam
• personal information given such as telephone numbers and address details.

Our approach to moderation

Here is a brief outline of how we evaluate queries and comments on our social media channels:

1. Is the query/comment on topic, does it add value to the discussion and can Ofgem answer publicly?

If so, we will post a timely response. We will not post at weekends or days which are public holidays in England.

2. Does the query/comment refer to a specific complaint or issue with an energy company?

We don't have a direct role in dealing with individual disputes or issues between customers and their energy suppliers, but do work closely with Citizens Advice and Ombudsman Services to ensure you are treated fairly. Though our social media channels, we will share relevant news and signpost help and advice content to assist consumers. If you have a specific support issue or complaint with an energy company, then we will direct you to our step-by-step guide on making an enquiry or complaint about a supplier and/or our online Consumer Help Centre. 

3. Does the query/comment raise an issue with the policies of a government environmental programme we administer? 

If so, then we will refer you to the Department for Business, Energy & Industrial Strategy responsible for the programme policy. If the query/comment relates to our administration of the scheme, we will refer you to our Environmental Programme information pages and/or helplines.

4. Does the query/comment relate to whistleblowing?

If so, then we will refer you to our Whistleblowing advice page.

5. Does the query/comment refer to a specific complaint against Ofgem?

If so, then we will refer you to our Complaints about Ofgem page.

6. Does the query/comment raise a request under the Freedom of Information (FOI) Act 2000 and/or the Environmental Information Regulations 2004 (EIR)?

If so, then we will refer you to our Information requests page.

7. Does the query/comment raise an issue with the Ofgem website? Or is it reporting a bug or performance problem?

If so, we will alert the team responsible for fixing the issue and tell the user this has been done.

We reserve the right to make amendments to this policy as necessary.

Social Listening

We monitor publicly available media including social media data, using commercially available media monitoring tools. The data we obtain from media monitoring tools is used to create insight reports that are shared with government colleagues within the UK and partner government teams from Europe and the United States. The data gathered through tools may include social media handles and content from posts which are publicly available. Insight reports will be anonymised, and will not include any personal data gathered from media monitoring. The social media data is gathered through publicly available information on platforms such as Twitter (currently known as X) and Facebook.

We will process your personal information in order to perform our regulatory (including REMIT) and NIS competent authority functions, including (but not limited to) the development of rules to protect the interests of consumers, monitoring and investigating the activities of regulated persons and others engaged in commercial activities relating to the energy sector, and enforcing non-compliance with regulatory rules and legislation. This processing will include the use of data analytics as required.

Ofgem may share personal information with central government departments/agencies, the Citizen Advice Service, Citizens Advice Scotland and other bodies which perform public functions (within the UK or European Union) for purposes which include:

• the detection or prevention of crime;
• protecting members of the public (including in respect of financial loss) from dishonesty, malpractice, incompetence or seriously improper conduct, or the unfitness or incompetence of persons authorised to carry on any profession or other activity;
• health and safety; and
• ensuring that competition is not prevented, restricted or distorted.

Environmental and Social Schemes

We will process your personal information to enable us to administer our environmental schemes, namely; 

• Boiler Upgrade Scheme (BUS)
• Climate Change Levy (CCL)
• Domestic Renewable Heat Incentive (DRHI)
• Energy Companies Obligation (ECO)
• Feed-in Tariff (FIT)
• Green Gas Levy (GGL)
• Green Gas Support Scheme (GGSS)
• Non-Domestic Renewable Heat Incentive (NDRHI)
• Non-Fossil Fuel Obligation (NFFO)
• Northern Ireland Renewable Heat Incentive (NI RHI)
• Northern Ireland Renewable Obligation (NI RO)
• Offtaker of Last Resort (OLR)
• Renewable Energy Guarantees of Origin (REGO)
• Renewable Obligation (RO)
• Smart Export Guarantee (SEG)

This may include the use of data analytics

Processing your information may include the consideration and investigation of complaints, and enforcement action investigations. If the circumstances require, we may share your personal information with:

• external central government departments
• devolved administrations
• agencies
• police forces
• licensees
• energy industry bodies.

Personal information processed as part of the administration of the schemes, may include crime prevention, combating abuse, and misuse and misreporting in relation to the schemes. We may also use your personal information to inform you about, or provide you with literature or services about our schemes. In some cases, this may include the use of data analytics. 

Fair and transparent processing of your information applies when you call any of our scheme help lines.

Please see below Privacy notices for the Environmental and social programmes Ofgem administers:

• Renewable Electricity schemes
• Non-Domestic Renewable Heat Incentive scheme
• Domestic Renewable Heat Incentive scheme
• Northern Ireland Renewable Heat Incentive scheme 
• Energy Companies Obligation scheme
• Green Gas Support Scheme
• Green Gas Levy scheme
• Boiler Upgrade Scheme Privacy Notice - Installers
• Boiler Upgrade Scheme Privacy Notice - Property Owners

The website and material relating to government information, products and services (or to third party information, products and services), are provided 'as is', without any representation or endorsement made and without warranty of any kind whether express or implied, including but not limited to implied warranties of satisfactory quality, fitness for a particular purpose, non-infringement of any intellectual property or other rights, compatibility, security and accuracy.

The material on the website is not and should not be regarded as legal or professional advice. Users should seek their own legal or other professional advice where appropriate.

We do not warrant that provision of the website or access to the material contained in the website will be uninterrupted or error free, that defects will be corrected, or that the website or the server that makes it available are free of viruses nor do we make any warranties or representations regarding the functionality, accuracy or reliability of the website or the content thereof. To the fullest extent permissible by law we shall not in any event be liable for any loss or damage arising out of or in connection with the use of, or inability to use the website and any materials accessible through the website including, without limitation, indirect or consequential loss or damage, loss of data, income, profit or opportunity, loss of or damage to property and claims of third parties even if we have been advised of the possibility of such loss or damages arising.

Retail and wholesale market indicators and data

Ofgem’s market indicators and related data have been published with a view to promoting the interests of gas and electricity consumers, eg by facilitating commentary and debate by industry participants and academics. It is not intended that the data should be used or relied on for any commercial purposes.

While every reasonable effort is made to ensure that the information provided through these market indicators is accurate, Ofgem makes no guarantees for the currency or accuracy of information. The information provided through Ofgem's market indicators is provided without any representation or endorsement made and without warranty of any kind, whether express or implied, including but not limited to the implied warranties of non-infringement, compatibility, security and accuracy.

Ofgem does not warrant that the market indicators and related data contained on this site will be uninterrupted or error free. Also, while Ofgem will endeavour to correct promptly any errors that are brought to its attention, Ofgem does not warrant that defects will be corrected, or that this site or the server that makes it available is free of viruses or represent the full functionality, accuracy, and reliability of the materials. Please refer to the general disclaimer above and the virus protection notice below.

Virus protection

We make every effort to check and test material at all stages of production. It is always wise for you to run an anti-virus program on all material downloaded from the internet. We cannot accept any responsibility for any loss, disruption or damage to your data or your computer system that may occur whilst using material derived from the website.

Governing law and jurisdiction

These Terms and Conditions shall be governed by and construed in accordance with the laws of England and Wales. Any dispute arising under these Terms and Conditions shall be subject to the exclusive jurisdiction of the courts of England and Wales.

Contact us

If you would like to:

• make an FOI or EIR request please refer to Freedom of Information section. 
• make a complaint about Ofgem please refer to Complaints about Ofgem section.
• make a Subject Access Request please refer to Subject Access Request section.
• exercise any of your rights and/or request information about our privacy policy, please contact our Data Protection Officer by email on dpo@ofgem.gov.uk or alternatively write to us at: 

The Data Protection Officer
Ofgem
10 South Colonnade
Canary Wharf
London 
E14 4PU

Complaints

You have a right to complain to the Information Commissioner.

If you want to complain about how we have handled your information, you can report it to the Information Commissioner’s Office:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113

Online: ICO Website