Privacy policy

We will always explain clearly what information we’re collecting about you and why. If we ask for your information we will:

• make sure you know why we need it
• only ask for what we need
• keep it securely
• let you know if we share it with others
• only keep it for as long as we need to
• not make it available for commercial (marketing) purposes without your permission

We respect your right to make informed decisions about your information. Fair processing of information means you have control over how your information is used. You can find out more about how we can help you to do this below.

Your trust is very important to us. So we’re committed to keeping your information safe and secure. We will only use your information to improve services to you, communicate with you, and to fulfil our legal obligations as the energy regulator. 

In return, we ask you to:

• give us accurate information
• tell us as soon as possible if there are any changes such as a new address

This helps us keep your information reliable and up to date.

This privacy policy tells you what to expect when Ofgem collects your personal information. It applies to information we collect about: 

• visitors to our website or social media channels
• people who engage with any online advertising we do (such as through Google or LinkedIn)
• people who engage with Ofgem as part of carrying out our regulatory and NIS competent authority functions in the energy markets
• people who make enquiries about and applications to any environmental schemes that Ofgem administers
• people who subscribe to our online services eg,our RSS feeds, e-newsletters, social media channels, email alerts or request a publication from us
• people who email Ofgem
• people who contact us in relation to information requests, complaints and general enquiries
• job applicants and our current and former employees.

The Controller for the processing of any personal information as outlined in this privacy policy is the Gas and Electricity Markets Authority, (GEMA). For ease of reference this privacy policy  refers to the administrative office of GEMA, ‘Ofgem’ and  ‘we’ ‘us’ and ‘our’ throughout. 

Ofgem’s registration with the Office of the Information Commissioner can be accessed via: Office of the Information Commissioner: Controllers

You can read about how we collect and process information across our digital channels in our website and digital channels privacy notice.

Our Cookies policy lists the cookies we use when you visit our website. It also explains your choices on their use.

Some Ofgem schemes need cookie files to be stored on an applicant or participant’s computer to work correctly and securely. Please check the terms and conditions when you register with a scheme for further details.

We will process your personal information in order to perform our regulatory and NIS competent authority functions, including (but not limited to) the development of rules to protect the interests of consumers, monitoring and investigating the activities of regulated persons and others engaged in commercial activities relating to the energy sector, and enforcing non-compliance with regulatory rules and legislation. This processing will include the use of data analytics as required. 

Ofgem may share personal information with central government departments/agencies, the Citizen Advice Service, Citizens Advice Scotland and other bodies which perform public functions (within the UK or European Union) for purposes which include:

• the detection or prevention of crime;
• protecting members of the public (including in respect of financial loss) from dishonesty, malpractice, incompetence or seriously improper conduct, or the unfitness or incompetence of persons authorised to carry on any profession or other activity;
• health and safety;
• ensuring that competition is not prevented, restricted or distorted.

We will process your personal information to enable us to administer our environmental schemes, namely; 

Energy Companies Obligation (ECO)
Feed-in Tariff (FIT)
Renewable Obligation (RO)
Northern Ireland Renewable Obligation
Climate Change Levy (CCL)
Combined Heat and Power (CHP)
Renewable Energy Guarantees of Origin (REGO)
Non-Domestic Renewable Heat Incentive (NDRHI)
Domestic Renewable Heat Incentive (DRHI)

This may include the use of data analytics. 

Processing your information may include the consideration and investigation of complaints, and enforcement action investigations. If the circumstances require, we may share your personal information with:

• external central government departments
• devolved administrations
• agencies
• police forces
• licensees
• energy industry bodies.

Personal information processed as part of the administration of the schemes, may include crime prevention, combating abuse, and misuse and misreporting in relation to the schemes. We may also use your personal information to inform you about, or provide you with literature or services about our schemes. In some cases, this may include the use of data analytics. 

Fair and transparent processing of your information applies when you call any of our scheme help lines. 

Our schemes are administered via the following sub-domains:

• ECO: https://eco.ofgem.gov.uk
• RO/CCL/CHP/REGO /FIT: https://renewablesandchp.ofgem.gov.uk
• NDRHI: https://rhi.ofgem.gov.uk

Any emails we receive, including any attachments, are monitored for malicious content. The content of communications with us (including telephone calls) may also be monitored for training or for the purposes of a regulatory compliance investigation.
Some of our environmental schemes may also record some telephone calls for training, quality control, monitoring and fraud prevention purposes.   

When we receive a Freedom of Information or other information request (e.g. Environmental Information Regulations 2004) or a complaint from you, we may generate a file. This normally contains the identity of the requester or complainant.

We will only use your personal information to process the request and to check on the level of service provided. We compile and publish statistics about the number of information requests or complaints we receive, but not in a form which would identify you.

Personal information contained in these files is retained in a secure environment and access is restricted to Ofgem employees.

When you apply to work for us, we will only use the information you give us to process your application and to monitor recruitment statistics. As part of our external recruitment process, your personal information may be shared with nominated agents.

Where we disclose information to any other third parties, (for example where we want to take up a reference or obtain a ‘disclosure’ from either CIFAS, the Disclosure and Barring Service or Disclosure Scotland), we will not do so without telling you first, unless the disclosure is required by law. 

Personal information about unsuccessful candidates will be held on file for 6 months after the recruitment exercise has been finished, it will then be destroyed or deleted. We retain anonymized statistical information about applicants to inform our recruitment activities, but no individuals can be identified from that data.

When you work for us, we will compile a file relating to your employment. The information contained in this will be kept in a secure location and will only be used for purposes directly relevant to your employment.  Your information may be shared with third parties within the civil service, including:

• Civil Service Learning
• HMRC
• other government departments for the purposes of a secondment/progression through graduate recruitment training, and/or the fast stream
• pension administrators
• professional groups, e.g. Government Legal Service secretariat.  

Once your employment with us has ended, we will keep your file until it is no longer needed. It may be kept for pay, pensions, health and safety, medical and other employment reasons and potentially for up to 20 years depending on your age when you leave Ofgem.

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

Any requests for information or complaints about how we have handled or processed your data should be sent to our Data Protection Officer at the address below

We try to be as open as we can be in terms of giving you access to your personal information. You can find out if we hold any personal information about you by making a ‘subject access request’ (SAR) under the General Data Protection Regulation If we do hold information about you we will:

• give you a description of it;
• tell you why we are holding it;
• tell you who it could be disclosed to; and
• let you have a copy of the information in an intelligible form.

To ask us for any personal information we may hold you need to put a request in writing to our Data Protection Officer at the address below.

If we hold information about you, you have specific rights in relation to that information. You have the right to;

•    know how we use your personal data
•    access your personal data
•    have personal data corrected if it is inaccurate or incomplete
•    in some limited cases, ask us to delete personal data when we no longer need it
•    ask us to restrict how we process your data
•    get your data from us and re-use it across other services
•    object to certain ways we use your data 
•    be safeguarded against risks where decisions based on your data are taken entirely automatically
•    tell us your preferred frequency, content and format of our communications with you

You can exercise these rights by contacting our Data Protection Officer.

You can also get information about:

• agreements we have with other organisations for sharing information
• circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics
• our instructions to staff on how to collect, use and delete personal data
• how we check that the information we hold is accurate and up to date.

If you want to exercise any of your rights, request information about our privacy policy, know more about the information we hold about you or make a complaint about how we’ve handled your information, you can email us at dpo@ofgem.gov.uk or write to:

The Data Protection Officer
Ofgem
10 South Colonnade
Canary Wharf
London 
E14 4PU

You have a right to complain to the Information Commissioner

If you want to complain about how we have handled your information you can report it direct to the Information Commissioner’s Office at the following address:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113

Online: Live chat

This privacy policy does not cover the links within this site linking to other websites. We keep our privacy policy under regular review. This privacy policy was last updated on 18 May 2018.