Privacy policy

Mae’r dudalen yma ar gael yn Gymraeg.

Keeping your information safe

We take your privacy very seriously. 

So please take the time to see what we’re doing with your personal information and how we’re keeping it secure. It’s all here in our Privacy Promise and Privacy Policy.

Ofgem privacy promise 

Our privacy promise covers how we treat your information and put you in control of what happens to it. It’s based around three main areas:


We will always explain clearly what information we’re collecting about you and why. If we ask for your information we will:

  • make sure you know why we need it
  • only ask for what we need
  • keep it securely
  • let you know if we share it with others
  • only keep it for as long as we need to
  • not make it available for commercial (marketing) purposes without your permission


We respect your right to make informed decisions about your information. Fair processing of information means you have control over how your information is used. You can find out more about how we can help you to do this below.


Your trust is very important to us. So we’re committed to keeping your information safe and secure. We will only use your information to improve services to you, communicate with you, and to fulfil our legal obligations as the energy regulator. 

In return, we ask you to:

  • give us accurate information
  • tell us as soon as possible if there are any changes such as a new address

This helps us keep your information reliable and up to date.

Ofgem privacy policy

How we use your information


This privacy policy tells you what to expect when Ofgem collects your personal information. It applies to information we collect about: 

  • visitors to our website or social media channels
  • people who engage with any online advertising we do (such as through Google or LinkedIn)
  • people who engage with Ofgem as part of carrying out our regulatory and NIS competent authority functions in the energy markets
  • people who make enquiries about and applications to any environmental schemes that Ofgem administers
  • people who subscribe to our online services eg, our RSS feeds, e-newsletters, social media channels, email alerts or request a publication from us
  • people who email Ofgem
  • people who contact us in relation to information requests, complaints and general enquiries
  • job applicants and our current and former employees.

Data control at Ofgem


The Controller for the processing of any personal information as outlined in this privacy policy is the Gas and Electricity Markets Authority, (GEMA). For ease of reference this privacy policy refers to the administrative office of GEMA, ‘Ofgem’ and  ‘we’ ‘us’ and ‘our’ throughout. 

Ofgem’s registration with the Office of the Information Commissioner can be accessed via: Office of the Information Commissioner: Controllers

Sharing your information outside the European Economic Area


Any information you provide will not be transferred outside the European Economic Area. Where we use cloud processing to support our data processing, the servers are located within the European Economic Area.

Information we collect

Online browsing information and cookies


You can read about how we collect and process information across our digital channels in our website and digital channels privacy notice.

Our Cookies policy lists the cookies we use when you visit our website. It also explains your choices on their use.

Some Ofgem schemes need cookie files to be stored on an applicant or participant’s computer to work correctly and securely. Please check the terms and conditions when you register with a scheme for further details.

Regulatory functions


We will process your personal information in order to perform our regulatory and NIS competent authority functions, including (but not limited to) the development of rules to protect the interests of consumers, monitoring and investigating the activities of regulated persons and others engaged in commercial activities relating to the energy sector, and enforcing non-compliance with regulatory rules and legislation. This processing will include the use of data analytics as required. 

Ofgem may share personal information with central government departments/agencies, the Citizen Advice Service, Citizens Advice Scotland and other bodies which perform public functions (within the UK or European Union) for purposes which include:

  • the detection or prevention of crime;
  • protecting members of the public (including in respect of financial loss) from dishonesty, malpractice, incompetence or seriously improper conduct, or the unfitness or incompetence of persons authorised to carry on any profession or other activity;
  • health and safety; and
  • ensuring that competition is not prevented, restricted or distorted.

Environmental and social programmes


We will process your personal information to enable us to administer our environmental schemes, namely; 

Climate Change Levy (CCL)
Domestic Renewable Heat Incentive (DRHI)
Energy Companies Obligation (ECO)
Feed-in Tariff (FIT)
Non-Domestic Renewable Heat Incentive (NDRHI)
Non-Fossil Fuel Obligation (NFFO)
Northern Ireland Renewable Heat Incentive (NI RHI)
Northern Ireland Renewable Obligation (NI RO)
Offtaker of Last Resort (OLR)
Renewable Energy Guarantees of Origin (REGO)
Renewable Obligation (RO)
Smart Export Guarantee (SEG)

BEIS has named Ofgem as the intended administrator for two new schemes: the Green Gas Support Scheme and the Clean Heat Grant. As part of establishing these schemes, we will process personal information for the purposes of carrying out consumer research.

This may include the use of data analytics. 

Processing your information may include the consideration and investigation of complaints, and enforcement action investigations. If the circumstances require, we may share your personal information with:

  • external central government departments
  • devolved administrations
  • agencies
  • police forces
  • licensees
  • energy industry bodies.

Personal information processed as part of the administration of the schemes, may include crime prevention, combating abuse, and misuse and misreporting in relation to the schemes. We may also use your personal information to inform you about, or provide you with literature or services about our schemes. In some cases, this may include the use of data analytics. 

Fair and transparent processing of your information applies when you call any of our scheme help lines.

Please see below Privacy notices for the Environmental and social programmes Ofgem administers:

Information you give to us

Emails to Ofgem

Any emails we receive, including any attachments, are monitored for malicious content. The content of communications with us (including telephone calls) may also be monitored for training or for the purposes of a regulatory compliance investigation.
Some of our environmental schemes may also record some telephone calls for training, quality control, monitoring and fraud prevention purposes.   

Information requests and complaints to Ofgem

When we receive a Freedom of Information or other information request (e.g. Environmental Information Regulations 2004) or a complaint from you, we may generate a file. This normally contains the identity of the requester or complainant.

We will only use your personal information to process the request and to check on the level of service provided. We compile and publish statistics about the number of information requests or complaints we receive, but not in a form which would identify you.

Personal information contained in these files is retained in a secure environment and access is restricted to Ofgem employees.

Personal information relating to Information requests and complaints to Ofgem is deleted when it may no longer have relevance for investigations and enforcement action. As such, it is not kept for longer than five years.

Job applicants, current and former Ofgem employees

When you apply to work for us, we will only use the information you give us to process your application and to monitor recruitment statistics. As part of our external recruitment process, your personal information may be shared with nominated agents.

Where we disclose information to any other third parties, (for example where we want to take up a reference or obtain a ‘disclosure’ from either CIFAS, the Disclosure and Barring Service or Disclosure Scotland), we will not do so without telling you first, unless the disclosure is required by law. 

Personal information about unsuccessful candidates will be held on file for 6 months after the recruitment exercise has been finished, it will then be destroyed or deleted. We retain anonymized statistical information about applicants to inform our recruitment activities, but no individuals can be identified from that data.

When you work for us, we will compile a file relating to your employment. The information contained in this will be kept in a secure location and will only be used for purposes directly relevant to your employment.  Your information may be shared with third parties within the civil service, including:

  • Civil Service Learning
  • HMRC
  • other government departments for the purposes of a secondment/progression through graduate recruitment training, and/or the fast stream
  • pension administrators
  • professional groups, e.g. Government Legal Service secretariat.  

Once your employment with us has ended, we will keep your file until it is no longer needed. It may be kept for pay, pensions, health and safety, medical and other employment reasons and potentially for up to 20 years depending on your age when you leave Ofgem.

Complaints or queries

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

Your rights

Access to personal information

We try to be as open as we can be in terms of giving you access to your personal information. You can find out if we hold any personal information about you by making a ‘subject access request’ (SAR) under the General Data Protection Regulation If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.

Your individual rights

If we hold information about you, you have the right to:

  • Be informed about the data information we hold about you,
  • Access the information we hold about you,
  • Have your personal information corrected if it is incomplete or inaccurate,
  • Ask us to restrict how we process your information,
  • Object to certain ways we use your information, and
  • In some circumstances, you may have a right to object to Ofgem processing your information.

To see the full suite of new consumer rights available to you under GDPR, please refer to the ICO website.

Disclosure of personal information

You can also get information about:

  • agreements we have with other organisations for sharing information
  • circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics
  • our instructions to staff on how to collect, use and delete personal data
  • how we check that the information we hold is accurate and up to date.

Further information

How to contact us

If you would like to:

The Data Protection Officer
10 South Colonnade
Canary Wharf
E14 4PU

Complaints to the Information Commissioner

You have a right to complain to the Information Commissioner

If you want to complain about how we have handled your information you can report it direct to the Information Commissioner’s Office at the following address:

Information Commissioner's Office
Wycliffe House
Water Lane
Telephone: 0303 123 1113

Online: Live chat

Changes to this privacy policy

This privacy policy does not cover the links within this site linking to other websites. We keep our privacy policy under regular review. This privacy policy was last updated on 14 April 2021.

Publications and updates

  • Published: 29th Nov 2019
  • Guidance
  • 0 Associated documents
This notice tells you what to expect when we process your personal information under the Renewable Electricity schemes.

  • Published: 13th Sep 2019
  • Guidance
  • 0 Associated documents
This document explains how Ofgem will collect, use, and protect personal information that it obtains under the Energy Company Obligation (ECO) scheme.

  • Published: 13th Sep 2019
  • Guidance
  • 0 Associated documents
This privacy notice tells you how we collect and process personal information when you visit Ofgem’s digital channels.

  • Published: 13th Sep 2019
  • Guidance
  • 0 Associated documents
This privacy notice tells you how we collect, use and protect personal information in the Innovation Link.

  • Published: 13th Sep 2019
  • Guidance
  • 0 Associated documents
This privacy notice tells you how we collect, use and protect personal information under the Domestic RHI scheme.

  • Published: 13th Sep 2019
  • Guidance
  • 0 Associated documents
This privacy notice tells you how we collect, use and protect personal information under the Northern Ireland RHI scheme.

  • Published: 13th Sep 2019
  • Guidance
  • 0 Associated documents
This privacy notice tells you how we collect, use and protect personal information under the Non-Domestic RHI scheme.