- Publication date
- 13th May 2019
- Information types
- Policy areas
This privacy notice tells you what to expect when we collect your personal information under the Energy Company Obligation (ECO).
It applies to information we collect about:
- householders/occupiers who have an energy efficiency measure installed under the ECO scheme into their premises;
- people who contact Ofgem with a query or right of access request regarding ECO;
- people who sign up to receive the ECO newsletter.
This privacy notice only covers the processing of information relating to ECO. It covers the processing of information relating to ECO measures installed under the current ECO scheme (ECO3) as well as the previous ECO schemes (ECO1, ECO2 and ECO2t).
To find out more information on how Ofgem processes personal data, refer to the Ofgem Umbrella Privacy Notice.
The controller for the processing of any personal information as outlined in this privacy notice is the Gas and Electricity Markets Authority, (GEMA). For ease of reference this privacy notice refers to the administrative office of GEMA, “Ofgem” throughout.
What personal information do we collect?
We receive your information via energy suppliers, who provide us with information about the energy efficiency measures they have installed at your household:
This information includes:
- your address at which the measure has been installed;
- and in some cases:
- confirmation of whether you are in receipt of one or more state benefits; and/or
- the nature of your right to occupy the premises;
- special category data, in particular information related to your health as evidence you are eligible for the scheme.
- the information notified to us does not include your name.
We will collect information directly from you where:
- you sign up to our newsletter we will collect and store your email address in order to send it to you. You can request to be taken off the distribution list at any time by emailing: firstname.lastname@example.org;
- you contact us with an enquiry regarding the scheme.
Why we need to collect and process your information
We only collect information that we need in order to carryout out our functions in relation to ECO, in order to:
- to administer the scheme;
- help us identify fraud;
- review how well the scheme is working, and inform future planning.
Your information is not used:
- to make automatic decisions, ie decisions made solely by automated means without any human involvement;
- or for profiling, ie automated processing of personal data to evaluate certain things about an individual eg direct marketing.
We use data analytics software to:
- identify fraud;
- improve the services we provide;
- ensure compliance with statutory requirements under the ECO;
- identify potential improvements to industry standards;
- monitor installer’s measure failure rates;
- verifying the carbon or cost savings claimed by suppliers are correct;
- check whether ECO measures have been claimed more than once.
Any data sets processed are sufficiently anonymised to not constitute personal data and are compliant with the UK Statistics Authority Code of Practice for Official Statistics (principle 5: confidentiality).
How we collect your information
We collect your information if you:
- engage with us when we carry out our regulatory and administrative functions;
- make enquiries about ECO;
- use our services eg, subscribe to our RSS feeds, e-newsletters, social media sites, email alerts or request a publication from us;
- email us;
- contact us in relation to information requests, complaints and general enquiries.
How and when we will disclose your information
We will only disclose your personal information in the following circumstances:
- where the disclosure is required by law, statutory direction, court orders, or is necessary for the purposes of the administration of ECO;
- where you give us explicit permission to disclose it;
- processing and sharing information with auditors during audits;
- in order for some installers and energy suppliers to confirm whether you are entitled to ECO Help to Heat funded measures, they will share your personal data with the Department for Work and Pensions via a third party service provider, the Energy Saving Trust.
Also, we will information share with the following organisations as required:
- Action Fraud in England or Wales or the police in Scotland when we have found instances of suspected fraud;
- energy suppliers, industry/accreditation/certification bodies to help ensure that installation work is carried out to the required standards and in accordance with the requirements of the scheme;
- the installer of the measure; we will only release whether the measure has been notified to Ofgem (after verifying their identity) and, where asked by the installer, information relating to our monitoring of the measure;
- the landlord, social housing provider or local authority of the property in relation to their own properties;
- Qualtrics, who process your data for us if you respond to one of our consultations through their platform;
- Qlik, where we use their software platform to conduct data analytics;
- Huddle, where we use their platform to securely share data with other organisations;
- with the Department for Work and Pensions for the purpose of verifying your benefit status;
- the Energy Savings Advice Service (ESAS), where you have opted into the referrals service operated by ESAS under ECO1 or ECO2 (including ECO2t), and we have been provided with your referral number by a supplier, we will provide this number to ESAS in order to verify that it is a valid number;
- the Secretary of State for Business, Energy and Industrial Strategy, who has issued a notice that legally compels Ofgem to disclose specified information notified by energy suppliers about energy efficiency measures installed (this includes the personal information listed above in section 3). Notice issued by the Secretary of State under section 103B Utilities Act 2000.
Legal basis for processing your information
We collect and process your information as part of our remit as the administrator of ECO, as set down by the ECO Orders. The Electricity and Gas (Energy Companies Obligation) Order 2012, The Electricity and Gas (Energy Company Obligation) Order 2014 and The Electricity and Gas (Energy Company Obligation) Order 2018.
In some circumstances we will process special category data (eg. information related to your health as evidence you are eligible for the scheme). In these circumstances, the processing will be based on a substantial public interest and carried out in accordance with the Ofgem appropriate policy document.* In all other cases, we will tell you the condition upon which we are processing your special category data.
We would not be able to fulfil our obligations as the administrator of the ECO scheme without collecting your information.
*The Ofgem appropriate policy document explains how and why Ofgem collects, processes and shares special category and criminal offence data.
Where you subscribe to our ECO newsletter, we also process sending you this on the basis of your consent. You can request to be taken off the distribution list at any time by clicking the unsubscribe link at the bottom of the newsletter, or by emailing: email@example.com
How long do we keep your information?
Your personal information is deleted when we no longer need it for our functions in administering the ECO scheme. As such, and it is not kept by Ofgem for more than 10 years past the final determination of the scheme.
Sharing your information outside the European Union
Any information you provide will not be transferred outside the European Union.
Where we use cloud processing to support our data processing, the servers are located within the European Union.
If we hold information about you, you have the right to:
- Be informed about the data we hold about you.
- Access the information we hold about you for free.
- Have your personal information corrected if it is incomplete or inaccurate.
- Ask us to restrict how we process your information.
- Object to certain ways we use your information.
- In some circumstances, you may have a right to object to Ofgem processing your information.
You can exercise these rights by contacting our Data Protection Officer; the contact details are below.
How to contact us or make a complaint to us
The Data Protection Officer
10 South Colonnade
You can also contact us to request this notice in an oral format.
Complaints to the Information Commissioner
You have a right to complain to the Information Commissioner. If you want to raise a concern about how we have handled your information, you can report it direct to the Information Commissioner’s Office at the following address:
Information Commissioner's Office
Telephone: 0303 123 1113
Online: Live chat
We regularly review our privacy notices. This notice was last updated on 13 May 2019.