Privacy policy

Mae’r dudalen yma ar gael yn Gymraeg.

This privacy policy details how we collect and process personal information. It also explains how the information may be used and your choices on its use.


Data control at Ofgem

We’re committed to protecting and respecting your privacy.

The data controller for this website and the processing of any personal information as outlined in this privacy policy is the Gas and Electricity Markets Authority (GEMA). For ease of reference, the policy refers to the administrative office of GEMA, ‘Ofgem’, throughout.

The Data Protection Act 1998 requires every organisation that processes personal information to register with the Information Commissioner’s Office (ICO). You can view our registration on the ICO’s Register of Data Controllers.

How this policy applies

This policy applies to information we collect about:

  • online browsing data if you visit our websites, engage with our social media pages or any online advertising we do (such as via Google or LinkedIn).
  • people who engage with us as part of carrying out our regulatory functions in the energy markets.
  • people who make enquiries about the environmental schemes that we administer.
  • people who subscribe to our online services, e.g. our RSS feeds, e-newsletters, consultation or investigation ‘notify me’ alerts, register to attend an Ofgem event or request a publication from us.
  • people who email us.
  • people who contact us to make information requests or complaints.
  • job applicants and our current and former employees.

Information we collect about you

Online browsing information

We collect online browsing information in a way which does not personally identify anyone. We do not capture personal information (such as your name, email address and telephone number) unless it is expressly provided by you. We will tell you when we do want to collect personal information and will explain what we intend to do with it.

Information we collect about you on our websites

We collect standard internet log information when you visit our websites, including the Internet Protocol (IP) address used to connect your computer to the internet.

We also deposit cookies to distinguish you from other users of our websites, to provide you with a good experience when you are browsing and to also help us understand visitor behaviour and improve our sites. For detailed information on the cookies we use and the purposes for which we use them, see our Cookies policy.

Information we collect from other sources

We may receive information about you if you use or follow any of our social media pages on Twitter (@ofgem and @ofgem_schemes), Facebook and LinkedIn. For more information, please see the privacy policies on Twitter, Facebook and LinkedIn.

We also work closely with third parties in their supply of services to us (for example analytics and search information providers or advertising networks), and may get information about you or your online behaviour from them.

We use Google Analytics and Google Adwords services for:

  • Technical and visit information on our websites such as: download errors, response times, the date/time/length of a visit to certain pages, page interaction information (scrolling, clicks, mouse-overs), browser type and versions, visit location, referring/exit pages and operating system/platform. This information is not personally identifiable.
  • Audience demographics and interest reporting. We use data from Google Adwords’ interest-based reporting (such as age, gender and interests) with Google Analytics. This information is not personally identifiable.
  • ‘Remarketing’ advertising (when we show an advert on another website). If we run adverts through Google or LinkedIn’s advertising network, we and the advertising service provider (Google Adwords or LinkedIn) will use cookies to serve our adverts based on a user’s past interactions with our websites. This information is not personally identifiable.
  • ‘Customer match’ advertising (when we show an advert to you and similar audiences on Google’s ad network based on information you have explicitly given to us for marketing purposes, such as in subscribing to our e-newsletter marketing communications). If we run adverts through Google to reach new audiences using ‘customer match’ functionality, the advertising provider (Google Adwords) will use information we provide to them, such as non-personally identifiable email addresses and demographics and interest reporting, to serve adverts on their network. Adwords will also use cookies to serve our adverts based on a user’s past interactions with our websites. To find out more, view the Adwords customer match privacy policy.
  • Impressions reporting. If we run adverts through the Google or LinkedIn advertising networks, we and the advertising service provider (Google Adwords or LinkedIn) will use cookies to report how our advert impressions and interactions with them are related to visits to our websites.

You can opt out of Google Analytics using this browser add-on. You can opt out of Google or LinkedIn advertising analytics or customise the adverts you see though their ad network via Google’s ad settings and LinkedIn’s ad settings.

We use Siteimprove, a third party web analytics provider, to collect visitor behaviour data such as click errors and website page response times. For more information, see the Siteimprove privacy policy.

We use Synthesio, a third party online analytics provider, to collect statistics and monitor our online reputation. Synthesio indexes publicly-available portions of websites such as blogs, news websites, and social networking websites. Personal data could be included in the indexed content supplied to us. For more information, see the Synthesio privacy policy.

We use Disqus, a third party comment sharing system, to capture and facilitate stakeholder discussions on our website blog. To find out more, visit the Disqus privacy policy.

We may use Hotjar, a third party web analytics and surveying provider, to record visitor interactions (such as mouse clicks, mouse movement and scroll activity on our websites) and survey website visitors. Hotjar also collects information such as browser type & version, country, device used, operating system and date/time of visit. For more information, see the Hotjar privacy policy.

We may use SurveyMonkey, a third party survey provider, to capture response data to surveys we run for users of our websites. For more information, see the SurveyMonkey privacy policy.

We may use Qualtrics, a third party survey provider, to capture response data to surveys we run for users of our websites and survey interactions. For more information, see the Qualtrics privacy policy.

We may use Quantcast Measure, a third party web analytics tool, to better understand our website visitor demographics. If you do not want your visits to the Ofgem site to be included, you can opt out of Quantcast's interest based tracking. For more information, see the Quantcast privacy policy.

What we use collected information for

The browsing data we collect and process is routinely recorded by most websites to help monitor performance and improve services to you. We will use the information we collect:

  • to improve our websites to ensure that content is presented in the most effective way for you and the devices you use.
  • to enable you to use interactive features of our online services, when you choose to do so.
  • to administer our websites and for internal operations – including for data analysis, troubleshooting and testing, research and survey purposes.
  • as part of our efforts to keep our websites stable and secure.
  • to measure or understand the effectiveness of any advertising we do, and to serve relevant advertising to you.

Regulatory functions

We will process any personal information to facilitate the performance of Ofgem’s regulatory functions, including (but not limited to) the development of regulatory rules to protect the interests of consumers, monitoring and investigating the activities of regulated persons and other persons engaged in commercial activities relating to the energy sector, and enforcing non-compliance with regulatory rules and legislation. Any such processing may include the use of data analytics as required. 

If the circumstances require, Ofgem may share personal information both internally and externally with central government departments/agencies, the Citizens Advice Service, Citizens Advice Scotland and other bodies who perform public functions (within the UK or European Union) for purposes which include:

  • the detection or prevention of crime
  • protecting members of the public (including in respect of financial loss) from dishonesty, malpractice, incompetence or seriously improper conduct, or the unfitness or incompetence of persons authorised to carry on any profession or other activity
  • health and safety
  • ensuring that competition is not prevented, restricted or distorted.

Environmental and social programmes

We will process any personal information to enable Ofgem to carry out its regulatory functions to administer environmental and social programmes, e.g. ECO, FIT, RHI. Any such processing may include the use of data analytics as required. 

Our processing of personal information may also include the consideration and investigation of complaints, and enforcement action investigations. If the circumstances require, Ofgem may share personal information both internally and with:

  • external central government departments
  • devolved administrations
  • agencies
  • police forces
  • licensees
  • energy industry bodies.

All processing of personal information connected with the administration of the schemes may include crime prevention, combating abuse, misuse and misreporting in relation to the schemes. In some cases, this may require that personal information is processed through our data analytics software. 

There is an additional privacy policy for the Domestic Renewable Heat Incentive (Domestic RHI): Domestic RHI privacy policy.

When you call any of Ofgem's environmental scheme telephone help lines, any processing of your personal data will be fair and transparent.

Our schemes are administered via the following sub-domains:

You may be contacted by Ofgem or our nominated agent to participate in surveys about the delivery of our services. Participation is always voluntary.

Some Ofgem schemes require cookie files to be stored on the applicant’s computer for the online service to function correctly and securely. Please check the terms and conditions when you register with a scheme for further details. You can read more about how schemes use cookies in our Cookies policy.

Information you give to us

E-newsletter subscriptions

We use a third party provider, dotmailer, to deliver our various e-newsletters and to enable people to subscribe to them.

Dotmailer’s features allow us to capture personal information, such as your name and email address. You can also provide additional information such as the organisation you work for. We may use the information you give to us when subscribing to help us deliver more personalised marketing communications services, including online advertising using Google and LinkedIn advertising services. If we use the information you provide for advertising purposes, it is hashed so as not to be personally identifiable.

If you do not want to receive e-newsletters from us, you can opt out at any time via your subscription preferences or the e-newsletter you receive. For more information on our use of subscription information relative to any online advertising we may do, and how to opt-out or customise the online adverts served to you, see ‘Information we collect from other sources’ in the ‘online browsing information’ section above.

We gather statistics on email opens, clicks and click-through streams using industry standard technologies such as embedded images and tracking codes on links. We use this information to help us monitor and improve our communications. For more information, please see dotmailer’s privacy policy.

Investigation and consultation ‘notify me’ alert subscriptions

We collect email addresses via our website if a user chooses to subscribe to the ‘notify me’ alerts for when the status of an investigation or consultation changes. We hold this personal data until an investigation or consultation reaches its final decision, after which the data is deleted from our servers. We do not disclose this information to third parties.

RSS feed subscriptions

We do not track usage of RSS feeds.

Online event invites and registration

We may use a third party provider, Eventbrite, to send event invites, register interest and confirm attendance to Ofgem stakeholder events.

Eventbrite’s features allow us to capture personal information, including your name, contact details, job role and the organisation you work for. We use this to respond directly to enquiries you may send to us about our events. We may also use supplied e-mail addresses for Ofgem marketing purposes, such as to provide you with information on other events. If you do not want to receive these updates from us, you can opt out at any time via the invitations you receive or email at anytime and we will remove you from our events distribution list.

We collect statistics about event invite engagement, such as clicks, opens and response rates. For more information, please see Eventbrite’s privacy policy.

Emails to Ofgem

Any email sent to us, including any attachments, is monitored for malicious content. The content of your communication with us (including telephone calls) may also be monitored for training or for the purposes of a regulatory compliance investigation.

In relation to certain of the environmental programmes, we may also record some telephone calls for training and/or quality control and/ or monitoring and/or fraud prevention purposes.   

Information requests and complaints to Ofgem

When we receive an information request (e.g. under the Environmental Information Regulations 2004 or complaint from a person) or a complaint, we may generate a file. This normally contains the identity of the requester or complainant.

Ofgem will only use the personal information collected to process the matter and to check on the level of service provided. We do compile and publish statistics showing information like the number of information requests or complaints we receive, but not in a form which identifies anyone.

Personal information contained in these files will be kept in line with the Ofgem retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

Job applicants, current and former Ofgem employees

As part of our external recruitment process, personal information may be shared with our nominated agent. When individuals apply to work at Ofgem, we will only use the information they supply to us to process their application and to monitor recruitment statistics. 

Where we want to disclose information to any other third parties (for example where we want to take up a reference or obtain a ‘disclosure’ from either CIFAS, the Disclosure and Barring Service or Disclosure Scotland), we will not do so without informing them beforehand unless the disclosure is required by law. 

Personal information about unsuccessful candidates will be held on file for six months. After the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

Once a person has taken up employment with Ofgem, we will compile a file relating to their employment. The information contained in this will be kept confidentially, within a secure location and will only be used for purposes directly relevant to that person’s employment.  A person’s personal information may be shared with any third parties as required by their employment within the civil service, including:

  • Civil Service Learning
  • HMRC
  • other government departments for the purposes of a secondment/progression through graduate recruitment training, and/or the fast stream
  • pension administrators
  • professional groups, e.g. Government Legal Service secretariat
  • IT software providers for the purposes of sending electronic communications to staff, e.g. staff updates and surveys sent via email and app technology.

Once their employment with Ofgem has ended, we will retain the file in accordance with the requirements of our data retention policy.

Your rights

Access to personal information

Ofgem tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:

  • give you a description of it
  • tell you why we are holding it
  • tell you who it could be disclosed to
  • let you have a copy of the information in an intelligible form.

To make a request to Ofgem for any personal information we may hold or to ask us to correct any mistakes on information we may hold about you, you need to put the request in writing to:

Head of Information Management
9 Millbank

Tel: 020 7901 7011

Disclosure of personal information

You can request further information from us on:

  • agreements we have with other organisations for sharing information
  • circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics
  • our instructions to staff on how to collect, use and delete personal data
  • how we check that the information we hold is accurate and up to date.

Further information

General enquiries and complaints about this privacy policy

Ofgem tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

If you want to request information about our privacy policy or to make a complaint, contact us via:

Head of Information Management
9 Millbank

Tel: 020 7901 7011

Changes to this privacy policy

Ofgem’s websites contain links to other websites. Please note that this privacy policy applies only to our websites and does not mean that we endorse the privacy policy of a site we link to. When visiting linked sites, you should read and become familiar with their privacy policies.

We keep our privacy policy under regular review.

We last updated this privacy policy on 28 February 2018.