- Publication date
- 13th September 2019
- Information type
- Policy area
This privacy notice tells you how we collect and process personal information when you visit Ofgem’s digital channels. This includes our:
- website – Ofgem.gov.uk
- social media (Ofgem LinkedIn company page, Twitter - @ofgem and Ofgem Facebook page)
- e-newsletters and subscription-based ‘notify me’ alerts
- events registration
It also covers information we may collect from other online sources such as analytics and search information providers or advertising networks in their supply of services to us.
The data controller for the processing of any personal information as outlined in this privacy notice is the Gas and Electricity Markets Authority (GEMA). For ease of reference this privacy notice refers to the administrative office of GEMA as ‘Ofgem’ throughout.
1. What personal information do we collect?
Information collected indirectly
Social media and commenting
We may receive information about you if you use or follow any of our social media pages on Twitter (@ofgem), Facebook and LinkedIn. We may receive your:
- profile information (such as your social media handle and any personal information you choose to list on your profile)
- online behaviour based on your interactions with our content, such as clicks, time on content. This information is not personally identifiable.
Website and advertising analytics
We work closely with third parties in their supply of services to us (for example analytics and search information providers or advertising networks), and may get information about you or your online behaviour from them.
We use Google Analytics, Google Tag Manager and Google Adwords services for:
- Technical and visit information on our websites such as: download errors, response times, the date/time/length of a visit to certain pages, page interaction information (scrolling, clicks, mouse-overs), browser type and versions, visit location, referring/exit pages and operating system/platform. This information is not personally identifiable.
- Audience demographics and interest reporting. We use data from Google Adwords’ interest-based reporting (such as age, gender and interests) with Google Analytics. This information is not personally identifiable.
- ‘Remarketing’ advertising (when we show an advert on another website).
You can control your privacy settings for Google products on their Personal info and privacy page. You can opt out of Google Analytics using this browser add-on. You can opt out of Google or LinkedIn advertising analytics or customise the adverts you see though their ad network via Google’s ad settings and LinkedIn’s ad settings. The data we collect through Google is retained for 26 months, after which it is deleted.
Information collected directly
Online browsing information
When you visit our website a cookie message will appear on the left hand side of the page asking you to accept or reject our recommended settings. In keeping with ICO requirements, you will not be able to browse the website until you have made a decision. If you change, your mind about the decision you have made you can always change your settings again by clicking on the cog in the bottom left hand side of the web page.
We collect standard internet log information when you visit our websites, including the Internet Protocol (IP) address used to connect your computer to the internet. We collect online browsing information in a way which does not personally identify anyone. We do not capture personal information (such as your name, email address and telephone number) unless it is expressly provided by you.
We also deposit cookies to distinguish you from other users of our websites, to provide you with a good experience when you are browsing and to also help us understand visitor behaviour and improve our sites. For detailed information on the cookies we use and the purposes for which we use them, see our Cookies policy.
E-newsletter subscription information
We use a third party provider, dotmailer, to deliver our various e-newsletters and to enable people to subscribe to them.
Dotmailer’s features allow us to capture personal information, such as your name and email address. You can also provide additional information such as the organisation you work for. We may use the information you give to us when subscribing to help us deliver more personalised marketing communications services, including online advertising using Google and LinkedIn advertising services. If we use the information you provide for advertising purposes, it is not personally identifiable.
If you do not want to receive e-newsletters from us, you can opt out at any time via your subscription preferences or the e-newsletter you receive. For more information on our use of subscription information relative to any online advertising we may do, and how to opt-out or customise the online adverts served to you, see the ‘website analytics and advertising’ section above.
Investigation and consultation ‘notify me’ alert subscriptions
We collect email addresses via our website if a user chooses to subscribe to the ‘notify me’ alerts for when the status of an investigation or consultation changes. We hold this personal data until an investigation or consultation reaches its final decision, after which the data is deleted from our servers within 30 days. We do not disclose this information to third parties.
RSS feed subscriptions
We do not track usage of RSS feeds.
Online event invites and registration
We may use a third party provider, Eventbrite, to send event invites, register interest and confirm attendance to Ofgem stakeholder events.
Eventbrite’s features allow us to capture personal information, including your name, contact details, job role and the organisation you work for. We use this to respond directly to enquiries you may send to us about our events. We may also use supplied e-mail addresses for Ofgem marketing purposes, such as to provide you with information on other events. If you do not want to receive these updates from us, you can opt out at any time via the invitations you receive or email email@example.com at any time and we will remove you from our events distribution list.
2. Why we need to collect and process your information
The browsing data we collect and process is routinely recorded by most websites to help monitor performance and improve services to you. We will use the information we collect:
- to improve our websites to ensure that content is presented in the most effective way for you and the devices you use.
- to enable you to use interactive features of our online services, when you choose to do so.
- to administer our websites and for internal operations – including for data analysis, troubleshooting and testing, research and survey purposes.
- as part of our efforts to keep our websites stable and secure.
- to measure or understand the effectiveness of any advertising we do, and to serve relevant advertising to you.
3. How we collect your information
The notice applies to information we collect about:
- online browsing data if you visit our websites, engage with our social media pages or any online advertising we may do (such as via LinkedIn or Google)
- people who subscribe to our online services, e.g. our RSS feeds, e-newsletters, consultations or investigation ’notify me’ alerts
- people who register to attend an Ofgem event.
It covers how any information we collect may be used and your choices on its use. To find out how we use information we collect from you outside of these channels, for instance how we collect and process customer survey data, please see the Ofgem privacy notice.
View our Cookies policy for information on what we do and how we use them.
4. How and when we will disclose your information
We will only disclose your personal information in the following circumstances:
- where the disclosure is required by law, statutory directions, court orders, or government regulations.
- where you give us explicit permission to disclose it.
- processing and sharing information during audits.
5. Sharing your information outside the European Economic Area (EEA)
Any information you provide will not be transferred outside the European Economic Area.
6. Legal basis for processing your information
We collect and process your information in order to perform our regulatory functions as part of our public tasks.
7. How long do we keep your information?
Your personal information is deleted when we no longer need it for our duties, and it is not kept for more than five years.
8. Your rights
If we hold information about you, you have the right to:
- Be informed about the data we hold about you.
- Access the information we hold about you.
- Have your personal information corrected if it is incomplete or inaccurate.
- Ask us to restrict how we process your information.
- Object to certain ways we use your information.
- In some circumstances, you may have a right to object to Ofgem processing your information.
9. Disclosure of personal information
You can also get information about:
- agreements we have with other organisations for sharing information;
- circumstances where we can pass on your personal information without consent for example, to prevent and detect crime and to produce anonymised statistics;
- our instructions to staff on how to collect, use and delete personal information;
- how we check that the information we hold is accurate and up to date.
10. How to contact us
If you would like to:
- make an FOI or EIR request please refer to Freedom of Information section.
- make a complaint about Ofgem please refer to Complaints about Ofgem section.
- make a Subject Access Request please refer to Subject Access Request section- add hyperlink once created
The Data Protection Officer
10 South Colonnade
11. Complaints to the Information Commissioner
You have a right to complain to the Information Commissioner.
If you want to complain about how we have handled your information you can report it direct to the Information Commissioner’s Office at the following address:
Information Commissioner's Office
Telephone: 0303 123 1113
Online: Live chat
We regularly review our privacy notice and this notice was last updated on 13 September 2019. During this update we made changes to bring the wording of this policy in line with the General Data Protection Regulations and Data Protection Act 2018.