Our privacy policy

This statement explains how we collect, use, transfer and store your personal data.

We would encourage you to read this information

Our priority at E.ON is keeping your data secure and treating it with respect. We aim to handle your data fairly and lawfully at all times. We're also committed to being transparent about what we do. This statement explains how we collect, use, transfer and store your personal data. We know that there is a lot of information here, but it's important that you understand your rights as a customer. We’ve tried to make it as easy as possible to navigate through by including headings you can click on, (if accessing on our website) which then expand to show more information.     

It’s likely that we will update this notice from time to time in order to reflect changes in the law and/or to our privacy practices, but we will notify you of any significant changes. Our website will always show the most up to date version. You can request a paper copy, including large print or braille, by calling us. This policy was last updated on the 7 July 2020.

This policy explains how and why we process your data. If you have a specific product or service from us listed below, we have also provided more information as to how we may use your data and the reasons why (click on the relevant topic). This supplements the information given in an attempt to be as transparent as possible, it doesn’t replace anything in this or other privacy policies which may be applicable to the service or product you have.

Who is responsible for your data

E.ON is the 'Data Controller' for your personal data. This means we have legal responsibility for how we collect and handle your data.

We refer to 'E.ON' in this statement. This means E.ON UK plc, and the companies owned by E.ON UK plc who provide energy and related products and services. E.ON UK plc is part of the E.ON group, one of the world's largest power and gas companies.

The address and registered office of E.ON is Westwood Way, Westwood Business Park, Coventry, CV4 8LG.

In 2019, E.ON’s parent company acquired a majority shareholding in Innogy SE who are the parent company of the Npower group and its subsidiaries in the UK.

The address and registered office of the companies in the Npower group is Windmill Hill Business Park, Whitehill Way, Swindon, Wiltshire, SN5 6PB.

As our products and services may be provided to you by different companies within our group, it may be that your personal information is passed to the relevant group company or companies. You can find out more about E.ON on our website or about npower on the npower website.

How can you contact us

We can be contacted at:

Data Protection Office, Newstead Court, Little Oak Drive, Annesley, Nottinghamshire, NG15 0DR

E.ON’s Data Protection Officer supports and advises E.ON on data protection matters. The Data Protection Officer can be contacted at the address above.

Other ways to contact us are on our contact us page.

Who does this statement apply to

  • Customers and prospective customers; 
  • Individuals, sole traders, partnerships and companies (to the extent that the relevant company provides us with any personal data - for example employee names and email addresses);
  • People we wish to promote products and services to;
  • People who contact us on social media;
  • People who visit our website;
  • People who have responsibility for managing, or being a point of contact, for another person’s account.

Your personal data - what information we collect

Data we process about you includes:

Personal data: Such as your name, address, date of birth, and other contact details such as your email address and telephone number.

Vulnerability information: Such as health or disability issues. Having this data helps us provide you with the right services for you and to ensure your safety.

Financial information: Such as your payment details and financial circumstances. We need your bank details if you want to pay by Direct Debit. If you have difficulty paying our bills, providing details of your circumstances helps us work with you to resolve this.

Information about your supply: Such as your meter reference numbers and meter type. This ensures we are linking you with the right meter and helps to keep industry databases accurate.

Energy you use: Such as your energy use and property occupation dates. If you have a smart meter, we will take consumption data directly from your meter. You have a contractual obligation to provide us with details of your energy usage, as we need this to send you accurate bills. If we have to estimate your bills, you may not be paying the right amount for your energy.

Records of conversations/interactions with us: Such as records of your discussions with our customer support teams, including call recordings, webchat and emails for training and monitoring purposes. When you share comments and opinions with us, ask us questions or make a complaint we may keep a record of this. This includes when you send us emails, phone our support team or contact us via webchat or through social media such as through Twitter or on Facebook. Some of our staff may also wear body worn video equipment.

Marketing preferences: We will record your advertising and marketing preferences including any requests for these communications to stop.

Exercising your rights: If you exercise any of your statutory rights under data protection law, we will keep a record of this and how we respond.

Device and machine information: Your smartphone or computer's IP address may tell us an approximate location when you connect to our website, but this will be no more precise than the city, state or country you are using your device in. 

Lifestyle and demographic insight information: Information about how you use our services and other information about your demographic in order for us to offer you personalised energy products and services.

Company data: With regards to companies, data such as names, phone numbers and email addresses of representatives of your company.

Data we may collect from other people or organisations

Data such as your name and contact details may be provided to us by people moving in or out of a property you're occupying, or a landlord/estate agent.

Metering and debt information can come from other organisations involved in supplying your energy and other services, such as other energy suppliers, meter operators and Credit Reference Agencies.

Energy brokers and comparison platforms like MoneySuperMarket will send us the details we need to contact you and set up an account for you.

Publicly-accessible data is available from sources such as the Land Registry, who can provide up to date information about properties we supply energy to.

Information such as additional contact details, home moving status and other information about your circumstances, including lifestyle and demographic data can be provided by councils, postal services and data brokers.

Information about energy saving installations can be provided by installers and managing agents.

Information about your use of home energy solutions can be provided to us by those companies who provide the service to you.

How we use your data - the legal basis and purposes

Who we share your data with

There are various circumstances where we may need to share your data with other people or organisations. These are:

  • Our parent company and other companies in the E.ON Group and/or npower Group who may be involved in the provision of services to you.
  • Energy market administrators such as Xoserve for gas, ECOES for electricity and the Meter Point Administration Service, as we may need to check that your meter is correctly registered against your address.
  • Network Operators, for example so they can keep you informed about disruptions and reconnections to your energy supply if there's a loss of supply, an emergency or an event happening that will cause disruption to your energy supply.
  • Agents and sub-contractors appointed by us to facilitate our contract with you, such as Meter Operators and Data Collectors.
  • Our marketing partners who we work with. These organisations may enhance or match the data we hold or carry out activities on our behalf.
  • Third-party IT suppliers who provide and/or help us operate our IT systems. For example, to carry out diagnostics or troubleshooting work.
  • If you have a smart meter, Smart DCC Ltd, who manage the data and communications network connecting smart meters to us and other industry suppliers, to ensure consistency between suppliers.
  • Network Providers who provide Home Area Network services to some smart metering customers, to enable these services to be provided.
  • Energy suppliers and other organisations to deal with a switch between suppliers.
  • When changing supplier, if you have a Prepayment meter, we may share debt information between suppliers as part of this process.
  • Other energy suppliers, landlords or housing associations if we or another organisation suspect the property is connected with fraud or theft. We also contribute to the Theft Risk Assessment Service operated by Experian.
  • Agents appointed by Ofgem to test meters suspected of being faulty.
  • Other people you have authorised us to share data with, such as family members, energy brokers, solicitors and debt management companies, so we can fulfil your requirements.
  • Debt collection agencies and other organisations assisting us with debt recovery (for example, bailiffs, courts, private investigators and our solicitors).
  • Social services, the Police, distribution services or other similar agencies if we think you need extra emergency help.
  • The administrators of our Energy Fund grants, if you apply to them for help payment your bills.
  • Organisations giving you a service (for instance Green Deal), helping you compare your energy use with similar households or offering you rewards to assist you.
  • Market regulators such as OFGEM and consumer protection organisations such as the Energy Ombudsman, where we are obliged to do so under regulations.
  • Law enforcement organisations working on the detection, investigation and prevention of crime and enforcement of legislation.
  • Commissioning and installation contractors for installations such as solar panels, batteries and insulation, and HIES, the consumer protection organisation covering the installation of renewable energy products
  • Financial organisations for purposes such as payment processing, and refunds.
  • If you apply for Affordable Warmth-funded measures, the Energy Saving Trust and Department for Work and Pensions to confirm whether you're entitled to the assistance and other necessary contractors to carry out the surveys, work etc
  • Finance providers if you require a loan to pay for energy saving measures.
  • Manufacturers and suppliers of energy efficiency measures who provide energy saving measures and are working for you.
  • Organisations which offer referral and reward schemes on our behalf, and/or organisations which offer you cash back for joining us.
  • If you want to register or transfer your Generation Unit(s) under either the FiT or SEG schemes, we will share your data with the Department for Business Energy and Industrial Strategy, our regulator Ofgem and other FiT/SEG licensees. We also share your data with service partners we engage to assist us with things like IT, telephony, bulk mailing, and mobile app platforms.
  • Advertising organisations including social media and entertainment service providers to show you advertising about our products and services.
  • Our marketing partners who we work with.  These organisations may enhance or match the data we hold or carry out activities on our behalf.
  • If you have E.ON Home with us, information about your use of home energy solutions can be provided by those companies who provide the service to you.
  • If you have solar panels or battery storage with us and you wish to pay for your installation using our finance options, we will share your details with the lender. We will also need to transfer data to the provider of your solar and/or battery inverter(s) for the purposes of providing you with access to monitoring platforms such as E.ON Home or those provided by the inverter manufacturer.
  • When we share your personal data with third parties, we enter into contracts to ensure your personal data is kept secure, is only used for the defined purpose, and is then deleted in accordance with our data retention requirements. 
  • When you join us, buy an additional product or service or set up a Direct Debit for the first time, we’ll share your details with one or more CRAs to check your identity and see if you may have any problems paying your bills. This means that we’ll share your personal data with them, and they’ll give us information about you so we can be sure about who we have a contract with and see if you might have problems paying your bills.
  • We may also tell Credit Reference Agencies (CRAs) how you're managing your account and whether you owe us any money. They might share this data with others to help them make informed lending decisions. For more information, view the Credit Reference Agencies section below.

Automated decision making and profiling

We may use automated decision making, including profiling. This involves processing your personal data without human intervention to evaluate your personal situation such as your economic position, personal preferences, interests and behaviour, for instance in relation to transactions on your account. We may do this for the following reasons:

  • To produce statistics for analysis purposes;
  • To identify what marketing offers are likely to interest you the most. This should ensure you only see offers that are relevant to you, but may mean you don’t see everything that we offer;
  • To assess your credit risk. Factors such as your payment history will determine what action we take to ensure our bills are paid.

The rationale behind making a decision or building a profile about you will differ in each case but generally we will use what we know about you, your household and your account history and combine this with demographic and general trend data.

All this activity is on the basis of our legitimate interests in improving our business, tailoring our services and the offers we make and developing and innovating our products and services which we can offer to you.

Our website and social media

We have accounts on most major social media channels and use their 'public' platforms to manage our social media interactions.

We don't have any control over how these companies use any data shared with us through their services, and we recommend you review their privacy notices yourself. We'd also remind you that any information you post publicly is visible to anyone.

If we know you're an E.ON customer and you send us personal data using a private or direct message via social media, that data will be stored along with your other account records in line with our standard data retention period.

If you send us personal data via Facebook Messenger to enable us to give you a quote for a potential energy supply, we'll delete the relevant messages from Messenger, but they will still be available to you and Facebook unless you also delete them.

Visitors to eonenergy.com

By using our website, you're allowing us to collect and use the information you give us for the purposes of your visit or as explained to you.

Lead Forensics

Our website contains tracking code provided by Lead Forensics. This code enables Lead Forensics to track activity on the business section of our website and provide E.ON with information on the IP address of the requesting computer (this data is not anonymised), the date and duration of the user’s visit, and the web pages which the user visits. This data may be used by us to contact the business about their experience or for marketing purposes. We will not pass this data to third parties for any reason.

Find out more about Lead Forensics.

Google reCAPTURE

We use the Recaptcha service provided by Google to ensure that use of our website is by living humans, not automated spam scripts.

Find out more about Google reCAPTCHA and Google's privacy policy

How we use cookies

Most internet browsers, like Firefox, Safari or Google Chrome, let websites store simple text files called 'cookies' on your computer.

Cookies let websites remember things like your username or password, so you don't need to re-type them every time you visit. They also help websites see how you use them, and this can be used to improve how websites work.

We have a legal responsibility to tell you about the kind of cookies we use, what they're for and how to turn them off. We strongly suggest you accept our cookies though, to get the best possible service from our website.

What cookies can’t do

There are quite a few myths about cookies out there, so to put your mind at rest, here's what cookies can't do:

-       Read your hard disk.

-       Get your login email address or other personal info unless you provide it.

-       Create viruses or destructive programmes that could harm your computer.

-       Instantly fill up your hard drive.

What cookies do eonenergy.com use?

Necessary cookies:

We use necessary cookies to make our site work. Necessary cookies enable core functionality such as security, network management and accessibility. You may disable these by changing your browser settings, but this may affect how our website functions. These include:

  • ServiceTick. This cookie allows us to review your web session in real-time to help us improve your online experience when using our website. It allows our website team to find and fix errors and improve the usability of the website. This also allows us to manage online customer surveys and prevent them from being displayed once completed.
  • E.ON First time visitor cookies. The first time you visit our website, these cookies record whether you’re interested in home energy or business energy. That way, when you visit again, we can take you straight to the relevant section.
  • SessionCam. This cookie allows us to review your web session in real-time to help us improve your online experience when using our website. It allows our website team to find and fix errors and improve the usability of the website. This also allows us to manage online customer surveys and prevent them from being displayed once completed.
  • _cfduid. This cookie is used by Cloudflare to maximise network resources, manage traffic to our website and protect our website from malicious traffic. This cookie collects and anonymises End User IP address using a one-way hash of certain values so individual cannot be identified.

Marketing cookies:

We will only use marketing cookies if you agree to them being enabled when you first visit our website. These include: 

  • Xaxis. If you've shown an interest in buying something from our website but decided not to, these cookies will let a handful of other selected websites advertise that product to you.
  • Criteo and Dentsu Aegis. Criteo and Dentsu Aegis use retargeting cookies to provide you with personalised adverts when you visit other selected websites. They use web beacons to confirm that a sale has occurred and will exclude users from further advert retargeting.

Tracking/analytics cookies:

These include:

  • Google Analytics and Webtrends. These are known as website tracking tools and they're used on most websites. They give us general information about you and what you are using on our website, including what pages you visit, how long you visit for and the kind of things you do. This helps us spot problems and improve the website.
  • DoubleClick. We use these cookies on a small number of pages to see when you have come from specific websites, search engines or online advertisements. This helps us to see how you find us and how well our marketing is working.
  • AdInsight. These cookies let us show different phone numbers on our website, depending on whether you've come to us from a search engine, website or advert, so we can see which one works best and get value for money from our marketing.
  • Adobe Target. These cookies are used to help us improve your customer experience when visiting our site. They're used to perform and measure the results of online testing. They also allow us to ensure that you get the same experience each time you return to our site.
  • E.ON Account cookies. If you manage your account online, these cookies help our website download your information more quickly and display it in the right way. The cookies also contain information about how you use our services, so that we can display the content that is most relevant to you in order to improve your experience.

How do I turn cookies off?

How you disable or delete cookies depends on which version of your internet browser you're using, for instance, Internet Explorer 9.

You should be able to check this by going to the About section in the Help or Tools section of your browser.

To find out more, we suggest you visit aboutcookies.org, where you'll find easy to follow instructions for both deleting or controlling cookies from your browser.

aboutcookies.org is a third party website, so we're not responsible for the information on it, but we're more than happy to recommend it.

Visitors to eonnext.com

We will also use your personal information to provide you with a more effective user experience (such as displaying services we think you will be interested in).

Our use of your information in this way means that your experience of our site will be more tailored to you, and the content you see on our site may differ from someone accessing the same site with a different history or browsing habits.

We also share your aggregated anonymous data with third party analytics and search engine providers that assist us in the improvement and optimisation of our site.

We will also use your personal information for the purposes of making our site more secure, and to administer our site and the internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

We process your data for this reason because we have a legitimate interest to provide you with the best experience we can, and to ensure that our site is kept secure.

You can prevent us from using your personal information in this way by using the ‘do not track’ functionality in your internet browser. If you enable do not track functionality, our site may be less tailored to your needs and preferences.

What cookies do eonnext.com use?

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.

Cookie type

  • _insp_*. Analytics for improvement and optimisation. 
  • _gclxxxx. Google conversion tracking cookie. 
  • _utmb. This cookie determines new sessions and visits and expires after 30 minutes. The cookie is updated every time data is sent to Google Analytics. Any activity by a user within the 30 minute life span will count as a single visit, even if the user leaves and then returns to the site. A return after 30 minutes will count as a new visit, but a returning visitor. 
  • _utma. This cookie lasts for 2 years by default and distinguishes  between users and sessions. It is used to calculate new and returning visitor statistics. The cookie is updated every time data is sent to Google Analytics. 
  • _gali. Google analytics - used to distinguish users.
  • _utmc. This is used to enable interoperability with the older version of Google Analytics code known as Urchin. When used by Google Analytics this is always a session cookie which is destoryed when the user closes their browser.
  • _utmz. This cookie identifies the source of traffic to the site so Google Analytics can tell site owners where visitors came from when arriving on the site. The cookie has a life span of 6 months and is updated every time data is sent to Google Analytics. 
  • _ga. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. 
  • _gaexp. Used to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in. 
  • _gat_GA-*. This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. 
  • _gid. This cookie name is associated with Google Universal Analytics.

With the exception of the _utmc cookie, which is session based, the above cookies are all persistent cookies.

Your rights

If we collect or handle your personal data, you have rights as an individual which you can exercise in relation to the information we hold about you.

Right of access to your personal data

You can find out if we hold any personal data about you, and access that data, by making a ‘subject access request’ under the Data Protection Act 2018 and the UK General Data Protection Regulation. If we do hold your personal data, we will provide you with a copy and information about what we do with it. Unless you ask us to provide it in a different way, we will email this to you where you have given us an email address.

You can request access to our data by using any of the methods on our contact us page.

If you are an E.ON Next customer contact us here.

If you only want to see certain items and you agree, we will try to deal with your request informally, for example, by providing you with the specific information you need over the telephone.

Other rights you have

If you’ve given us consent to process your personal data, you have the right to withdraw that consent at any time by contacting us.

You can request that we correct any mistakes, restrict or stop processing your data, or delete it. It’s worth noting that in some cases if you do ask us to correct, delete or stop processing it, we won’t always be required to do so – for example we may need to continue in order to service your account in line with our contract. If this is the case, we'll explain why.

If we are making decisions about you based solely on automated processing, including profiling, then you have the right to object to this in most cases. In certain circumstances, if we are making decisions about you based solely on automated processing that is necessary for entering into, or performance of, a contract with you or you have given us explicit consent you have the right to have a person make the decision instead.

In certain circumstances (where you provide your information to us (a) with consent to process it or (b) where the processing is necessary for the performance of our contract with you), you can require that we provide the data we hold about you either to you or a third party in a commonly used format. This is commonly called ‘portability’). This only applies if we are processing it using automation only. If you would like more information about this, let us know.

Your right to contact the Information Commissioner

If you're unhappy with any aspect of how we handle your personal data you also have the right to contact the Information Commissioner’s Office (ICO), the supervisory authority that regulates handling of personal information in the UK.

You can contact them by going to their website, phoning them on 0303 123 1113 or by post to:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

How long do we store your personal data for

If you have an account with us, we will retain your personal data for seven years following the end of our contractual relationship with you (which might be when your account closes or when we have issued your final bill.) There may be circumstances when we need to keep it for longer, for instance, if you are on a long-term payment plan or to meet our legal obligations. We will delete it as soon as we have no need to keep it further or put it “beyond use”. Beyond use means we will not use your personal data to inform any decisions, we will not give access to any other organisation and will delete as soon as this becomes possible.

If we hold your data for any other reason, we will delete it as soon as we no longer have a valid reason to retain it.

How we keep your information

When you log in to your online account or ask us for a quote, our website pages are secure, which means all the personal details you type in are encrypted before they’re sent to us.

We store and use all personal information securely, so it can't be read by anyone who doesn't need to see it.

When you get in touch with us, we'll ask you a couple of security questions before we share any personal details, just to check it's you. We will never give out your personal data such as name, address, DOB when you speak to us, we will only confirm it back to you.

When we use other organisations to help us provide services and manage your account, we have appropriate contracts in place, which limits their use of your data to only what we have asked them to do. We provide only the information they need to perform their specific services and we work closely with them to ensure that your privacy is respected and protected at all times. If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

Data transfers outside the European Economic Area

Data protection laws allow us to transfer personal data to organisations in countries within the European Economic Area (EEA)*, as those countries are signed up to the same laws and have the same controls and safeguards in place to protect your data. We may transfer your personal data to an organisation in a country outside the EEA, in which case we will only do so where the European Commission has declared that the receiving country has an adequate level of protection, or we have a contract in place which includes appropriate data protection clauses requiring that your data is handled to the same standards as we uphold.

*The rules around the transfer of data outside the UK could change depending on what is agreed between the UK and the European Union at the end of the transition period. The UK–EU Withdrawal Agreement specifies that the transition period will last until 31 December 2020.

Credit Reference Agencies

When you join us, buy an additional product or service or set up a Direct Debit for the first time, we’ll share your details with one or more Credit Reference Agencies (CRAs) to check your identity and see if you may have any problems paying your bills. This means that we’ll share your personal data with them, and they’ll give us information about you so we can be sure about who we have a contract with and see if you might have problems paying your bills.

We may also tell CRAs how you're managing your account and whether you owe us any money. They might share this data with others to help them make informed lending decisions.

CRAs can also help us try to trace you if you have moved and we owe you money or you owe us money.

More information is set out in a Credit Reference Agency Information Notice which describes how the three main CRAs (ExperianEquifax and Call credit) share and use personal data. This is available from all three CRAs and displayed on their websites.

What's a Credit Reference Agency?

Credit reference agencies (CRAs) collect and maintain information on consumers' and businesses' credit behaviour on behalf of organisations in the UK.

What's a fraud prevention agency?

Fraud prevention agencies (FPAs) collect, maintain and share, information on known and suspected fraudulent activity. Some CRAs also act as FPAs.

What do you use them when I've chosen to switch to E.ON?

Although you’ve chosen to switch to us, we’ll check our own records and contact CRAs to get information on your credit behaviour with other organisations. This’ll help us make the best possible assessment of your financial situation before we make a decision. We’ll do this in a secure and responsible manner, in line with industry standards.

Where do they get their information from?

From publicly available information such as:

  • The Electoral Register from Local Authorities.
  • County Court Judgments from Registry Trust.
  • Bankruptcy (and other similar orders) from the Insolvency Service.
  • Fraud information may also come from FPAs.
  • Credit information comes from information on applications to banks, building societies, credit card companies etc. and also from the behaviour of those accounts.

How will I know if my information is being sent to a CRA or FRA?

You’ll be told when you apply for an account if your application data is to be supplied. The next section will tell you how, when and why we’ll search at CRAs and FPAs and what we’ll do with the information we obtain from them. We’ll also tell you if we plan to send your payment history information on you or your business, if you have one, to CRAs. You can ask at any time for the name of CRAs and FPAs.

Why is my data used in this way?

We and other organisations want to make the best possible decisions we can, in order to make sure that you, or your business, will be able to pay us for the energy you use. Some organisations may also use the information to check your identity, check for outstanding debt, and to ensure that there is no evidence of fraudulent activity within your credit history. We’ll always use this information securely, for the purposes it is intended, and won’t use it for marketing purposes.

In this way we can ensure that we all make responsible decisions. At the same time, we also want to make decisions quickly and easily and, by using up to date information, we’re able to make the most reliable and fair decisions possible.

Who controls what agencies are allowed to do with my data?

All organisations that collect and process personal data are regulated by the Data Protection Act 2018 and the UK General Data Protection Regulation, overseen by the Information Commissioner’s Office (ICO). All CRAs are in regular dialogue with the Commissioner. Use of the Electoral Register is controlled under the Representation of the People Act 2000.

Can anyone look at data held by CRAs?

No, access to your information is very strictly controlled and only those that are entitled to do so may see it. Usually, that will only be with your agreement or (very occasionally) if there is a legal requirement.

Will my data be used for crime prevention?

We may share your data with other organisations for the detection and prevention of crime. Your information will always be processed securely and in line with data privacy laws.

What we'll do:

1. When you apply to us to open an account, we'll:

a) Check our own records for information on:

    i) Your personal accounts;

    ii) and,  if you've got one, your financial associates' personal accounts;

    iii) if you're an owner, director or partner in a small business we may also check on your business accounts.

b) Search at credit references agencies (CRAs) for information on:

   i) Your personal accounts

   ii) and, if you're making a joint application now or have ever done the following, we'll check your financial associates’ personal accounts as well: - previously made joint applications - have joint accounts - are financially linked;

   iii) if there's insufficient information to enable us to assist you, occasionally we may also use information about other members of your family;

   iv) if you're a director or partner in a small business we may also check on your business accounts.

c) Search at fraud prevention agencies (FPAs) for information on you and any addresses at which you've lived and, on your business (if you've got one).

2. What we do with the information you supply to us as part of the application:

a) Information that's supplied to us will be sent to the CRAs.

b) If you're making a joint application or tell us that you've a spouse or financial associate, we'll:

   i) search, link and/or record information at CRAs about you both;

   ii) link any individual identified as your financial associate, in our own records;

   iii) take both your and their information into account in future applications by either or both of you;

   iv)  continue this linking until the account closes or is changed to a sole account and one of you notifies us that you're no longer linked, so you must be sure that you have their agreement to disclose information about them;

c) If you give us false or inaccurate information and we suspect or identify fraud, we'll record this and may also pass this information to FPAs and other organisations involved in crime and fraud prevention.

d) We may also use your data to offer you other products and services if you have given your permission.

3. With the information we obtain we'll:

a) Assess this application to make a decision on products and services that we offer you.

b) Check details on applications for credit and credit related or other facilities.

c) Verify your identity and the identity of your spouse, partner or other directors/partners and/or;

d) Undertake checks for the prevention and detection of crime, fraud and/or money laundering.

e) We may use scoring methods to assess this application and to verify your identity.

f)  Manage your personal and/or business account (if you have one) with ourselves.

g)  Undertake periodic statistical analysis or testing to ensure the accuracy of existing and future products and services.

h)  Any or all of these processes may be automated.

4. What we do when you have an account:

a) We'll give details of your personal and/or business account (if you've got one), including names and parties to the account and how you manage it/them to CRAs

b) If you don't repay your bill in full, on time, or as arranged we'll tell CRAs.

c) We may make periodic searches of our own group records and at CRAs to manage your account with us. This may include obtaining your financial information from CRAs. This may include but is not limited to: credit utilisation, mortgage information, defaults on credit accounts, fraud indicators and residency indicators. This data is used to support the implementation of appropriate debt prevention and collection strategies to mitigate our bad debt risk. This may include but is not limited to: supporting setting up sustainable payment arrangements, identifying and supporting customers facing financial vulnerability and implementing pre-delinquency measures. If you do not want us to obtain this information please contact us  We may also check at FPAs to prevent or detect fraud.

d) If you don't make payments that you owe us, we'll trace your whereabouts and recover debts.

What CRAs and FPAs do

5. When CRAs receive a search from us, they will:

a) Place a search “footprint” on your credit file whether or not this application continues. If the search was for a credit application, the record of that search (but not the name of the organisation that carried it out) may be seen by other organisations when you apply for credit in the future.

b) Link together the records of you and anyone that you have advised is your financial associate including previous and current parties. Links between financial associates will remain on your and their files until such time as you or your partner successfully files for a disassociation with the credit reference agencies.

6. They supply to us:

a) Credit information such as previous applications and the behaviour of the accounts in your name and of your associates (if there's a link between you – see 1b above) and/or your business accounts (if you've got one).

b) Public information such as County Court Judgments (CCJs) and bankruptcies.

c) Electoral Register information.

d) Fraud prevention information.

7. When information is supply to us, to them, on your accounts:

a) CRAs will record the details that are supplied on your personal and/or business account (if you've got one) including any previous and subsequent names that have been used by the account holders and how you/they manage it/them.

b) If you don't repay in full, on time, or as arranged, CRAs will record the outstanding debt.

c) Records shared with CRAs remain on file for six years after they're closed, whether settled by you or defaulted.

d) If we owe you monies and are unable to contact you, we may use this information to trace you and credit any monies owed.

8. How CRAs won’t use your data:

a) It won't be used to create a blacklist.

b) It won't be used by the CRA to make a decision.

9.  How CRAs will use your data:

a) The information which we and other organisations provide to CRAs about you, your financial associates and your business (if you've got one) may be supplied by CRAs to other organisations and used by them to:

i) Prevent crime, fraud and money laundering by, for example, checking details provided on applications for credit and credit related or other facilities;

ii) Check the operation of credit and credit-related accounts;

iii) Verify your identity if you or your financial associate applies for other facilities;

iv) Make decisions on credit and credit related services about you, your partner, other members of your household or your business;

v) Manage your personal, your partner’s and/or business (if you've got one) credit or credit related account or other facilities;

vi) Trace your whereabouts and recover debts or refund credits that we may owe you;

vii) Undertake statistical analysis and system testing.

10. How your data might be used by Fraud prevention agencies:

a) The information which we provide to the FPAs about you, your financial associates and your business (if you've got one) may be supplied by FPAs to other organisations and used by them and us to:

   i) Prevent crime, fraud and money laundering by, for example;

  • Checking details provided on applications for credit and credit related or other facilities;
  • Managing credit and credit related accounts or facilities;
  • Cross checking details provided on proposals and claims for all types of insurance;
  • Checking details on applications for jobs or when checked as part of employment.

b) Verify your identity if you or your financial associate applies for other facilities including all types of insurance proposals and claims.

c) Trace your whereabouts and recover debts that you owe.

d) Conduct other checks to prevent or detect fraud.

e) We and other organisations may access and use from other countries the information recorded by FPAs.

f) Undertake statistical analysis and system testing.

11. Other purposes

Your data may also be used for other purposes for which you give your specific permission or, in very limited circumstances, when required by law or where permitted under the terms of the Data Protection Act 2018 and the UK General Data Protection Regulation.

12. Offer products

Your data may also be used to offer you other products, but only where permitted.

How to find out more

You can contact the CRAs currently operating in the UK: the information they hold may not be the same so it’s worth contacting them all:

CallCredit, Consumer Services Team, PO Box 491, Leeds, LS3 1WZ or call 0870 060 1414.

 Equifax Ltd, 6 Wellington Place, Leeds, LS1 4AP or call 0113 380 8000.

 Experian, Consumer Help Service, PO Box 8000, Nottingham, NG80 7WF or call 0870 241 6212.

Smart metering information

You can view our page on smart metering to understand how we may use that data.

Feed-in Tariff scheme

The Feed-in Tariff scheme (FiT) is a government scheme aimed at promoting the installation of small-scale renewable energy – like solar panels. It provides a guaranteed payment for the amount of energy generated/exported from the installation. The scheme is now closed to new applicants. Your FiT Terms and Conditions set out yours and our obligations in full.

We make payments under the scheme to you (or your nominated recipient); to do this we need details of the electricity you generate and export under the FiT scheme. You are obliged to give us this information so that we can accurately calculate the payments due to you. We are also responsible for checking your application details and registering you and your installation on the Central FiT Register (CFR). To allow us to do this we need to process information relating to you such as your name, address and identification details (passport/driving licence for example). We also need your bank details and information relating to your installation, such as MCS certificate, Energy Performance Certificate for your property.

We will share this information with Ofgem for the purpose of registering your installation on the CFR which is a requirement of the scheme. We will keep some of this information for the life of the time your installation is eligible for the scheme – which could be up to 25 years in some circumstances and then for an additional 7 years as per the how long we store your personal data for section.

Find out more about the FiT scheme.

Solar panels and battery storage

We provide solar PV (photovoltaic) panels and battery storage to people and businesses in the UK. Solar panels convert the sun’s energy into electricity which can then be used in the home or business. Battery storage can be added to the solar panels to help store renewable energy for when it is needed.

We will use the information you give us, such as your name, address and telephone number to arrange an in-home appointment to talk to you about what products are best for your needs, what you can expect them to generate and of course to give you a quote to carry out the works.

If you purchase a product from us, we will use your information to help us carry out any installation required (including sharing that information with any sub-contractor) and to provide you with any relevant maintenance and aftercare.

For more information concerning your solar and/or battery contract with us; please refer to the Terms and Conditions contained in your quote.

Electric vehicle charging (E.ON Drive)

We will see details of where, when and how long you charge your vehicle. This lets us charge you accurately for the electricity you use.

Smart Export Guarantee

Details of energy you generate and/or export under the Feed-in Tariff scheme or Smart Export Scheme. You're obliged to give us this information so that we can accurately calculate the payments due to you.

Boiler cover

We’ve teamed up with Homeserve to offer boiler cover. Our website will transfer you to the Homeserve website where you can purchase boiler cover. You can view a copy of Homeserve's Privacy policy. Homeserve will share with us the products and services you have taken from them. We will use this information to help us run our business effectively.

Affordable warmth

You will be asked for information about any benefits you receive and money you get from employment, to assess your eligibility for assistance.

E.ON Home App

We will use the data we collect about how much energy you use, the energy you generate, your use of electric vehicle charging points, and your use of other home energy solutions to provide you with a detailed information breakdown through the E.ON Home platform. For more information regarding your E.ON Home App including cookies used; please refer to the privacy policy on the E.ON home App.

Tado° - Smart heating

The tado° smart thermostat uses your phone's location to give you control of your heating, making sure energy isn't wasted. Your smart thermostat provides a simple view of your heating, while the smart scheduling app for your smartphone lets you control your heating from wherever you are.

We will use your information you give us such as name, address, contact details, bank details for the purposes of processing your order, delivering and if appropriate installing your tado°. When you use the tado° software you will be doing so in accordance with tado’s Terms and Conditions and privacy policy (a copy of which will be given to you by tado). You can find out more on the tado° website.

If you use the E.ON Home App you can decide if you wish for tado° to share the personal data they hold about you with E.ON for the purpose of giving you more intelligent, tailored and personalised information in the E.ON Home App.