ECO3 privacy notice

Publication date
10th October 2018
Information types
Policy areas

This privacy notice tells you what to expect when we collect your personal information under the Energy Company Obligation (ECO).

It applies to information we collect about:

  • householders/occupiers who have an energy efficiency measure installed under the ECO scheme into their premises;
  • people who contact Ofgem with a query or right of access request regarding ECO;
  • people who sign up to receive the ECO newsletter.

This privacy notice only covers the processing of information relating to ECO. It covers the processing of information relating to ECO measures installed under the current ECO scheme (ECO3) as well as the previous ECO schemes (ECO1, ECO2 and ECO2t).

To find out more information on how Ofgem processes personal data, refer to the Ofgem Umbrella Privacy Notice.

Controller

The controller for the processing of any personal information as outlined in this privacy notice is the Gas and Electricity Markets Authority, (GEMA). For ease of reference this privacy notice refers to the administrative office of GEMA, “Ofgem” throughout. 

Your information

What personal information do we collect?

We receive your information via energy suppliers, who provide us with information about the energy efficiency measures they have installed at your household:

This information includes:

  • your address at which the measure has been installed; 
  • and in some cases: 
    • confirmation of whether you are in receipt of one or more state benefits; and/or 
    • the nature of your right to occupy the premises;
    • special category data, in particular information related to your health as evidence you are eligible for the scheme. 
  • the information notified to us does not include your name. 

We will collect information directly from you where: 

  • you sign up to our newsletter we will collect and store your email address in order to send it to you. You can request to be taken off the distribution list at any time by emailing: eco@ofgem.gov.uk;
  • you contact us with an enquiry regarding the scheme.

Why we need to collect and process your information 

We only collect information that we need in order to carryout out our functions in relation to ECO, in order to:

  • to administer the scheme;
  • help us identify fraud;
  • review how well the scheme is working, and inform future planning.

Your information is not used:

  • to make automatic decisions, ie decisions made solely by automated means without any human involvement;
  • or for profiling, ie automated processing of personal data to evaluate certain things about an individual eg direct marketing.

We use data analytics software to:

  • identify fraud;
  • improve the services we provide;
  • ensure compliance with statutory requirements under the ECO;
  • identify potential improvements to industry standards;
  • monitor installer’s measure failure rates;
  • verifying the carbon or cost savings claimed by suppliers are correct;
  • check whether ECO measures have been claimed more than once.

Any data sets processed are sufficiently anonymised to not constitute personal data and are compliant with the UK Statistics Authority Code of Practice for Official Statistics (principle 5: confidentiality).

How we collect your information

We collect your information if you:

  • visit our website to allow you to make repeat visits. Further information on our use of cookies;
  • engage with us when we carry out our regulatory and administrative functions;
  • make enquiries about ECO;
  • use our services eg, subscribe to our RSS feeds, e-newsletters, social media sites, email alerts or request a publication from us;
  • email us;
  • contact us in relation to information requests, complaints and general enquiries.

How and when we will disclose your information

We will only disclose your personal information in the following circumstances:

  • where the disclosure is required by law, statutory direction, court orders, or is necessary for the purposes of the administration of ECO;
  • where you give us explicit permission to disclose it; 
  • processing and sharing information with auditors during audits;
  • in order for some installers and energy suppliers to confirm whether you are entitled to ECO Help to Heat funded measures, they will share your personal data with the Department for Work and Pensions via a third party service provider, the Energy Saving Trust.

Also, we will information share with the following organisations as required:

  • Action Fraud in England or Wales or the police in Scotland when we have found instances of suspected fraud;
  • energy suppliers, industry/accreditation/certification bodies to help ensure that installation work is carried out to the required standards and in accordance with the requirements of the scheme;
  • the installer of the measure; we will only release whether the measure has been notified to Ofgem (after verifying their identity) and, where asked by the installer, information relating to our monitoring of the measure;
  • the landlord, social housing provider or local authority of the property in relation to their own properties;
  • Qualtrics, who process your data for us if you respond to one of our consultations through their platform;
  • Qlik, where we use their software platform to conduct data analytics;
  • Huddle, where we use their platform to securely share data with other organisations;
  • with the Department for Work and Pensions for the purpose of verifying your benefit status; 
  • the Energy Savings Advice Service (ESAS), where you have opted into the referrals service operated by ESAS under ECO1 or ECO2 (including ECO2t), and we have been provided with your referral number by a supplier, we will provide this number to ESAS in order to verify that it is a valid number; 
  • the Secretary of State for Business, Energy and Industrial Strategy, who has issued a notice that legally compels Ofgem to disclose specified information notified by energy suppliers about energy efficiency measures installed (this includes the personal information listed above in section 3). Notice issued by the Secretary of State under section 103B Utilities Act 2000.

Legal basis for processing your information

We collect and process your information as part of our remit as the administrator of ECO, as set down by the ECO Orders. The Electricity and Gas (Energy Companies Obligation) Order 2012, The Electricity and Gas (Energy Company Obligation) Order 2014 and The Electricity and Gas (Energy Company Obligation) Order 2018.

In some circumstances we will process special category data (eg. information related to your health as evidence you are eligible for the scheme). In these circumstances, the processing will be based on a substantial public interest and carried out in accordance with the Ofgem appropriate policy document.*  In all other cases, we will tell you the condition upon which we are processing your special category data.

We would not be able to fulfil our obligations as the administrator of the ECO scheme without collecting your information. 

*The Ofgem appropriate policy document explains how and why Ofgem collects, processes and shares special category and criminal offence data.

ECO newsletter

Where you subscribe to our ECO newsletter, we also process sending you this on the basis of your consent. You can request to be taken off the distribution list at any time by clicking the unsubscribe link at the bottom of the newsletter, or by emailing: eco@ofgem.gov.uk

How long do we keep your information?

Your personal information is deleted when we no longer need it for our functions in administering the ECO scheme. As such, and it is not kept by Ofgem for more than 10 years past the final determination of the scheme.

Sharing your information outside the European Union

Any information you provide will not be transferred outside the European Union. 

Where we use cloud processing to support our data processing, the servers are located within the European Union. 

Your rights

If we hold information about you, you have the right to:

  • access your personal information
  • have personal information corrected if it is inaccurate or incomplete
  • ask us to restrict how we process your information
  • in some circumstances to object to the way we use your information 
  • in certain circumstances, to be informed if there has been a data breach

Right to object to processing: in addition, in some circumstances, you may have a right to object Ofgem processing your information. 

You can exercise these rights by contacting our Data Protection Officer, the contact details are below.

How to contact us or make a complaint to us

If you want to exercise any of your rights, request information about our privacy policy, know more about the information we hold about you or make a complaint about how we’ve handled your information, you can email us at dpo@ofgem.gov.uk or write to:

The Data Protection OfficerOfgem10 South ColonnadeCanary WharfLondonE14 4PU

Complaints to the Information Commissioner

You have a right to complain to the Information Commissioner. If you want to raise a concern about how we have handled your information, you can report it direct to the Information Commissioner’s Office at the following address:

Information Commissioner's OfficeWycliffe HouseWater LaneWilmslowCheshireSK9 5AF

Telephone: 0303 123 1113Online: Live chat

We regularly review our privacy notices. This notice was last updated on 10 October 2018.