Ofgem digital channels privacy notice

Mae’r dudalen yma ar gael yn Gymraeg.
Publication date
18th May 2018
Information type
Policy area

This notice

This privacy notice tells you how we collect and process personal information when you visit Ofgem’s digital channels. This includes our:

It also covers information we may collect from other online sources such as analytics and search information providers or advertising networks in their supply of services to us.

Data controller

The data controller for the processing of any personal information as outlined in this privacy notice is the Gas and Electricity Markets Authority (GEMA). For ease of reference this privacy notice refers to the administrative office of GEMA as ‘Ofgem’ throughout. 

1. What personal information do we collect?

Information collected indirectly

Social media and commenting

We may receive information about you if you use or follow any of our social media pages on Twitter (@ofgem and @ofgem_schemes), Facebook and LinkedIn. We may receive your:

  • profile information (such as your social media handle and any personal information you choose to list on your profile)
  • online behaviour based on your interactions with our content, such as clicks, time on content. This information is not personally identifiable.

For more information and how you can manage access to this information, please see the privacy policies on Twitter, Facebook and LinkedIn.

We use Disqus, a third party comment sharing system, to capture and facilitate stakeholder discussions on our website blog. To opt out of tracking, see the Disqus opt-out page. To find out more, visit the Disqus privacy policy.

Website and advertising analytics

We work closely with third parties in their supply of services to us (for example analytics and search information providers or advertising networks), and may get information about you or your online behaviour from them.

We use Google Analytics, Google Tag Manager and Google Adwords services for:

  • Technical and visit information on our websites such as: download errors, response times, the date/time/length of a visit to certain pages, page interaction information (scrolling, clicks, mouse-overs), browser type and versions, visit location, referring/exit pages and operating system/platform. This information is not personally identifiable.
  • Audience demographics and interest reporting. We use data from Google Adwords’ interest-based reporting (such as age, gender and interests) with Google Analytics. This information is not personally identifiable.
  • ‘Remarketing’ advertising (when we show an advert on another website). 
    If we run adverts through Google or LinkedIn’s advertising network, we and the advertising service provider (Google Adwords or LinkedIn) will use cookies to serve our adverts based on a user’s past interactions with our websites. This information is not personally identifiable.
  • ‘Customer match’ advertising (when we show an advert to you and similar audiences on Google’s ad network based on information you have explicitly given to us for marketing purposes, such as in subscribing to our e-newsletter marketing communications). If we run adverts through Google to reach new audiences using ‘customer match’ functionality, the advertising provider (Google Adwords) will use information we provide to them, such as non-personally identifiable email addresses and demographics and interest reporting, to serve adverts on their network. Adwords will also use cookies to serve our adverts based on a user’s past interactions with our websites. To find out more, view the Adwords customer match privacy policy.
  • Impressions reporting. If we run adverts through the Google or LinkedIn advertising networks, we and the advertising service provider (Google Adwords or LinkedIn) will use cookies to report how our advert impressions and interactions with them are related to visits to our websites.

You can control your privacy settings for Google products on their Personal info and privacy page. You can opt out of Google Analytics using this browser add-on. You can opt out of Google or LinkedIn advertising analytics or customise the adverts you see though their ad network via Google’s ad settings and LinkedIn’s ad settings. The data we collect through Google is retained for 26 months, after which it is deleted.

We use Siteimprove, a third party web analytics provider, to collect visitor behaviour data such as click errors and website page response times. For more information, see the Siteimprove privacy policy.

We use Synthesio, a third party online analytics provider, to collect statistics and monitor our online reputation. Synthesio indexes publicly-available portions of websites such as blogs, news websites, and social networking websites. Personal data could be included in the indexed content supplied to us. For more information, see the Synthesio privacy policy.

We may use Hotjar, a third party web analytics and surveying provider, to record visitor interactions (such as mouse clicks, mouse movement and scroll activity on our websites) and survey website visitors. Hotjar also collects information such as browser type & version, country, device used, operating system and date/time of visit. You can opt-out of tracking, see the Hotjar opt-out page. For more information, see the Hotjar privacy policy.

We may use Quantcast Measure, a third party web analytics tool, to better understand our website visitor demographics. If you do not want your visits to the Ofgem site to be included, you can opt out of Quantcast's interest based tracking. For more information, see the Quantcast privacy policy.

Information collected directly

Online browsing information

We collect standard internet log information when you visit our websites, including the Internet Protocol (IP) address used to connect your computer to the internet. We collect online browsing information in a way which does not personally identify anyone. We do not capture personal information (such as your name, email address and telephone number) unless it is expressly provided by you.

We also deposit cookies to distinguish you from other users of our websites, to provide you with a good experience when you are browsing and to also help us understand visitor behaviour and improve our sites. For detailed information on the cookies we use and the purposes for which we use them, see our Cookies policy.

E-newsletter subscription information

We use a third party provider, dotmailer, to deliver our various e-newsletters and to enable people to subscribe to them.

Dotmailer’s features allow us to capture personal information, such as your name and email address. You can also provide additional information such as the organisation you work for. We may use the information you give to us when subscribing to help us deliver more personalised marketing communications services, including online advertising using Google and LinkedIn advertising services. If we use the information you provide for advertising purposes, it is not personally identifiable.

If you do not want to receive e-newsletters from us, you can opt out at any time via your subscription preferences or the e-newsletter you receive. For more information on our use of subscription information relative to any online advertising we may do, and how to opt-out or customise the online adverts served to you, see the ‘website analytics and advertising’ section above.

We gather statistics on email opens, clicks and click-through streams using industry standard technologies such as embedded images and tracking codes on links. We use this information to help us monitor and improve our communications. For more information, please see Dotmailer’s privacy policy.

Investigation and consultation ‘notify me’ alert subscriptions

We collect email addresses via our website if a user chooses to subscribe to the ‘notify me’ alerts for when the status of an investigation or consultation changes. We hold this personal data until an investigation or consultation reaches its final decision, after which the data is deleted from our servers within 30 days. We do not disclose this information to third parties.

RSS feed subscriptions

We do not track usage of RSS feeds.

Website surveys

We may use SurveyMonkey, a third party survey provider, to capture response data to surveys we run for users of our websites. For more information, see the SurveyMonkey privacy policy.

We may use Qualtrics, a third party survey provider, to capture response data to surveys we run for users of our websites and survey interactions. For more information, see the Qualtrics privacy policy.

Online event invites and registration

We may use a third party provider, Eventbrite, to send event invites, register interest and confirm attendance to Ofgem stakeholder events.

Eventbrite’s features allow us to capture personal information, including your name, contact details, job role and the organisation you work for. We use this to respond directly to enquiries you may send to us about our events. We may also use supplied e-mail addresses for Ofgem marketing purposes, such as to provide you with information on other events. If you do not want to receive these updates from us, you can opt out at any time via the invitations you receive or email stakeholders@ofgem.gov.uk at any time and we will remove you from our events distribution list.

We collect statistics about event invite engagement, such as clicks, opens and response rates. For more information, please see Eventbrite’s privacy policy.

2. Why we need to collect and process your information 

The browsing data we collect and process is routinely recorded by most websites to help monitor performance and improve services to you. We will use the information we collect:

  • to improve our websites to ensure that content is presented in the most effective way for you and the devices you use.
  • to enable you to use interactive features of our online services, when you choose to do so.
  • to administer our websites and for internal operations – including for data analysis, troubleshooting and testing, research and survey purposes.
  • as part of our efforts to keep our websites stable and secure.
  • to measure or understand the effectiveness of any advertising we do, and to serve relevant advertising to you.

3. How we collect your information

The notice applies to information we collect about:

  • online browsing data if you visit our websites, engage with our social media pages or any online advertising we may do (such as via LinkedIn or Google)  
  • people who subscribe to our online services, e.g. our RSS feeds, e-newsletters, consultations or investigation ’notify me’ alerts
  • people who register to attend an Ofgem event.

It covers how any information we collect may be used and your choices on its use. To find out how we use information we collect from you outside of these channels, for instance how we collect and process customer survey data, please see the Ofgem privacy notice.

View our Cookies policy for information on what we do and how we use them.

4. How and when we will disclose your information

We will only disclose your personal information in the following circumstances: 

  • where the disclosure is required by law, statutory directions, court orders, or government regulations.
  • where you give us explicit permission to disclose it.
  • processing and sharing information during audits.

5. Sharing your information outside the European Economic Area (EEA)

Any information you provide will not be transferred outside the European Economic Area. 

6. Legal basis for processing your information

We collect and process your information in order to perform our regulatory functions as part of our public tasks.

7. How long do we keep your information?

Your personal information is deleted when we no longer need it for our duties, and it is not kept for more than five years.

8. Your rights 

If we hold information about you, you have specific rights in relation to that information, you have the right to:

  • know how we use your personal information
  • access your personal information
  • have personal information corrected if it is inaccurate or incomplete
  • ask us to delete personal information when we no longer need it
  • ask us to restrict how we process your information
  • get your information from us and re-use it across other services
  • object to certain ways we use your information 
  • be safeguarded against risks where decisions based on your information are taken entirely automatically
  • tell us if we can share your information with 3rd parties
  • tell us your preferred frequency, content and format of our communications with you

You can exercise these rights by contacting our Data Protection Officer (contact details below).

9. Disclosure of personal information

You can also get information about:

  • agreements we have with other organisations for sharing information;
  • circumstances where we can pass on your personal information without consent for example, to prevent and detect crime and to produce anonymised statistics;
  • our instructions to staff on how to collect, use and delete personal information; 
  • how we check that the information we hold is accurate and up to date.

10. How to contact us or make a complaint to us

If you want to exercise any of your rights, request information about our privacy policy, know more about the information we hold about you or make a complaint about how we’ve handled your information, you can email us at dpo@ofgem.gov.uk or write to:

The Data Protection Officer
Ofgem
10 South Colonnade
Canary Wharf
London
E14 4PU

11. Complaints to the Information Commissioner

You have a right to complain to the Information Commissioner.

If you want to complain about how we have handled your information you can report it direct to the Information Commissioner’s Office at the following address:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Online: Live chat

We regularly review our privacy notice and this notice was last updated on 18 May 2018. During this update we made changes to bring the wording of this policy in line with the General Data Protection Regulations and Data Protection Act 2018.