Who do we share your personal data with?

There are various circumstances where we may need to share your data with other people or organisations. These are:

- Our parent company and other companies in the E.ON Group who may be involved in the provision of services to you

- Energy market administrators such as Xoserve for gas, ECOES for electricity and the Meter Point Administration Service, as we may need to check that your meter is correctly registered against your address

- Network operators, so they can keep you informed about reconnecting your energy supply if there's a loss of supply or an emergency

- Agents and sub-contractors appointed by us to facilitate our contract with you, such as Meter Operators and Data Collectors

- Smart DCC Ltd, who manage the data and communications network connecting smart meters to ourselves and other industry suppliers, to ensure consistency between suppliers

- Energy suppliers and other organisations to deal with a switch between suppliers

- Other energy suppliers, landlords or housing associations if we or another organisation suspect the property is connected with fraud or theft. We also contribute to the Theft Risk Assessment Service operated by Experian

- Agents appointed by Ofgem to test meters suspected of being faulty

- Other people you have authorised us to share data with, such as family members, energy brokers, solicitors and debt management companies, so we can fulfil your requirements

- Debt collection agencies and other organisations assisting us with debt recovery (for example, bailiffs, courts, private investigators and our solicitors)

- Social services, the Police, distribution services or other similar agencies if we think you need extra emergency help

- The administrators of our Energy Fund grants, if you apply to them for help payment your bills

- Organisations giving you a service (for instance Green Deal), helping you compare your energy use with similar households or offer you rewards to assist you

- Market regulators such as OFGEM and consumer protection organisations such as the Energy Ombudsman, where we are obliged to do so under regulations

- Law enforcement organisations working on the detection, investigation and prevention of crime and enforcement of legislation

- Commissioning and installation contractors for installations such as solar panels and insulation, and HIES, the consumer protection organisation covering the installation of renewable energy products

- Financial organisations for purposes such as payment processing, and refunds

- If you apply for Affordable Warmth-funded measures, the Energy Saving Trust and Department for Work and Pensions to confirm whether you're entitled to the assistance

- Finance providers if you require a loan to pay for energy saving measures

- Manufacturers and suppliers of energy efficiency measures who provide energy saving measures and are working for you

- The Department for Business Energy and Industrial Strategy, to register your Fit installation and other FiT licensees if you want to transfer your generation unit(s) under the FiT scheme

- We also share your data with service partners we engage to assist us with things like IT, telephony, bulk mailing, and mobile app platforms.

Credit Reference Agencies ("CRAs")

When you join us, buy an additional product or service or set up a direct debit for the first time, we will ask you for your consent to share your details with one or more CRAs to check your identity and see if you may have any problems paying your bills. This means that we will share your personal data with them and they will give us information about you in order that we can be sure about who we have a contract with and see if you might have problems paying your bills.

We may also tell CRAs how you're managing your account and whether you owe us any money. They might share this data with others to help them make informed lending decisions.

CRAs can also help us try to trace you if you have moved and we owe you money or you owe us money.

More information is set out in a Credit Reference Agency Information Notice which describes how the three main CRAs (Experian, Equifax and Callcredit) share and use personal data. This is available from all three CRAs and displayed on their websites.

Automated decision making and profiling

We may use automated decision making, including profiling. This involves processing your personal data without human intervention to evaluate your personal situation such as your economic position, personal preferences, interests and behaviour, for instance in relation to transactions on your account. We may do this for the following reasons:

  • To produce statistics for analysis purposes
  • To identify what marketing offers are likely to interest you the most. This should ensure you only see offers that are relevant to you, but may mean you don’t see everything that we offer
  • To assess your credit risk. Factors such as your payment history will determine what action we take to ensure our bills are paid.

The rationale behind making a decision or building a profile about you will differ in each case but generally we will use what we know about you, your household and your account history and combine this with demographic and general trend data.

All this activity is on the basis of our legitimate interests in protecting our business, tailoring our services and the offers we make and developing and improving our products and services.

People we wish to promote products and services to

We'd like to use your personal data to communicate with you by email, text, letter, telephone, social media and via our website

With your consent, we will tell you about products and services, promotions, tailored special offers and discounts that we think are likely to interest you.  If you’ve given us permission to send you marketing information we will respect your choices as to how you would like to receive this.

We may send you letters or call you without your prior agreement when we have a legitimate interest in doing this. Our legitimate interest might be:

  • Understanding our customer and getting to know their preferences
  • Telling our customers about products that might meet their needs and desires
  • Ensuring our customers are aware when they can save money

Sometimes we may also want to rely on these legitimate interests to share your information with other organisations, both within the E.ON Group and externally, for marketing purposes.  Some examples are:

  • Organisations who can enhance or match the data we hold with additional information such as additional contact methods and insights, which enable us to understand our customers better and plan marketing activities
  • Organisations we want to work with to promote a product or a product or service we endorse

 

You’re in control

We won’t use your personal data to promote anything to you, or for any marketing purpose at all (including profiling you for marketing), if you have told us not to. We will give you the opportunity to opt out of receiving marketing information whenever we contact you directly for this purpose. You can also opt out, and change your consent preferences, by calling us directly or going online.

People who contact us via social media

We have accounts on most major social media channels and use their 'public' platforms to manage our social media interactions

We don't have any control over how these companies use any data shared with us through their services, and we recommend you review their privacy notices yourself. We'd also remind you that any information you post publically is visible to anyone.

If we know you're an E.ON customer and you send us personal data using a private or direct message via social media that data will be stored along with your other account records in line with our standard data retention period.

If you send us personal data via Facebook Messenger to enable us to give you a quote for a potential energy supply we'll delete the relevant messages from Messenger but they will still be available to you and Facebook unless you also delete them.

Visitors to our website

By using our website, you're allowing us to collect and use the information you give us for the purposes of your visit or as explained to you

Lead Forensics IP Tracking and Google reCAPTCHA

Lead Forensics

Our website contains tracking code provided by Lead Forensics. This code enables Lead Forensics to track activity on the business section of our website and provide E.ON with information on the IP address of the requesting computer (this data is not anonymised), the date and duration of the user’s visit, and the web pages which the user visits. This data may be used by us to contact the business about their experience or for marketing purposes. We will not pass this data to third parties for any reason. More information can be found at www.leadforensics.com.

You can opt out of the collection, storage and processing of IP data at any time by clicking on this link: Opt out of Lead Forensics tracking

Google reCAPTCHA

We use the Recaptcha service provided by Google to ensure that use of our website is by living humans, not automated spam scripts. For more information about Google reCAPTCHA and Google's privacy policy, please visit the following links: https://www.google.com/intl/en/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html

Cookies

How we use cookies

Most internet browsers, like Firefox, Safari or Google Chrome, let websites store simple text files called 'cookies' on your computer.

They let websites remember things like your username or password so you don't need to re-type them every time you visit. They also help websites see how you use them, and this can be used to improve how websites work.

We have a legal responsibility to tell you about the kind of cookies we use, what they're for and how to turn them off. We strongly suggest you accept our cookies though, to get the best possible service from our website.

What cookies can't do

There are quite a few myths about cookies out there, so to put your mind at rest, here's what cookies can't do:

- Read your hard disk

- Get your login email address or other personal info unless you provide it

- Create viruses or destructive programmes that could harm your computer

- Instantly fill up your hard drive

What cookies do we use?

 Name

Purpose

Google Analytics, and Webtrends

These are known as website tracking tools and they're used on most websites. They give us general information about how people are using our website, including what pages they visit, how long they visit for and the kind of things they do. This helps us spot problems and improve the website.

 DoubleClick

We use these cookies on a small number of pages to see when people have come from specific websites, search engines or online advertisements. This helps us to see how people find us and how well our marketing is working.

 Xaxis

If you've shown an interest in buying something from our website but decided not to, these cookies will let a handful of other selected websites advertise that product to you.

AdInsight

These cookies let us show different phone numbers on our website, depending on whether you've come to us from a search engine, website or advert, so we can see which one works best and get value for money from our marketing.

Adobe Target 

These cookies are used to help us improve your customer experience when visiting our site. They're used to perform and measure the results of online testing. They also allow us to ensure that you get the same experience each time you return to our site.

ServiceTick

This cookie allows us to review your web session in real-time to help us improve your online experience when using our website. It allows our website team to find and fix errors and improve the usability of the website. This also allows us to manage online customer surveys and prevent them from being displayed once completed.

E.ON Your Account cookies

If you manage your account online, these cookies help our website download your information quicker and display it in the right way. The cookies also contain information about how you use our services so that we can display the content that is most relevant to you in order to improve your experience.

E.ON First time visitor cookies

The first time you visit our website, these cookies record whether you're interested in home energy or business energy. That way, when you visit again, we can take you straight to the relevant section.

Criteo and Dentsu Aegis

Criteo and Dentsu Aegis use retargeting cookies to provide you with personalised adverts when you visit other selected websites. They use web beacons to confirm that a sale has occurred and will exclude users from further advert retargeting.

SessionCam

This cookie allows us to review your web session in real-time to help us improve your online experience when using our website. It allows our website team to find and fix errors and improve the usability of the website. This also allows us to manage online customer surveys and prevent them from being displayed once completed.

How do I turn cookies off?

How you disable or delete cookies depends on which version of your internet browser you're using, for instance, Internet Explorer 9.

You should be able to check this by going to the About section in the Help or Tools section of your browser.

To find out more, we suggest you visit aboutcookies.org, where you'll find easy to follow instructions for both deleting or controlling cookies from your browser.

aboutcookies.org is a third party website, so we're not responsible for the information on it, but we're more than happy to recommend it.

Your rights

If we collect or handle your personal data, you have rights as an individual which you can exercise in relation to the information we hold about you.

Right of access to your personal data

Individuals can find out if we hold any personal data about them, and access that data, by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold your personal data, we will provide you with a copy and information about what we do with it. Unless you ask us to provide it in a different way, we will email this to you where you have given us an email address.

 

You can request access to our data using any of the methods on our contact us page.

 

If you only want to see certain items and you agree, we will try to deal with your request informally, for example, by providing you with the specific information you need over the telephone.

Other rights you have

If you’ve given us consent to process your personal data, you have the right to withdraw that consent at any time by contacting us. If you have an online account with us, you can also make changes to that preference in your account.

 

You can request that we correct any mistakes, restrict or stop processing your data, or delete it. It’s worth noting that in some cases if you do ask us to correct, delete or stop processing it, we won’t always be required to do so – for example we may need to continue in order to service your account in line with our contract. If this is the case, we'll explain why.

 

If we are making decisions about you based solely on automated processing, including profiling, then in certain circumstances (where we are processing on the basis of a legitimate interest and the decision has legal or similar effects on you), you have the right to have a person make the decision instead. Of course, if we are profiling you for marketing purposes, we will stop altogether.

 

In certain circumstances (where you provide your information to us (a) with consent to process it or (b) where the processing is necessary for the performance of our contract with you), you can require that we provide the data we hold about you either to you or a third party in a commonly used format. This is commonly called ‘portability’). This only applies if we are processing it using automation only. If you would like more information about this, let us know.

Your right to contact the Information Commissioner

If you're unhappy with any aspect of how we handle your personal data you also have the right to contact the Information Commissioner’s Office (ICO), the supervisory authority that regulates handling of personal information in the UK.

 

You can contact them by going to their website, phoning them on 0303 123 1113 or by post to:

 

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

How long do we store your personal data for?

If you have an account with us, we will retain your personal data for seven years following the end of our contractual relationship with you (which might be when your account closes or when we have issued your final bill.) There may be circumstances when we need to keep it for longer, for instance, if you are on a long-term payment plan or to meet our legal obligations, but we will delete it as soon as we have no need to keep it further.

If we hold your data for any other reason we will delete it as soon as we no longer have a valid reason to retain it.

How we keep your information safe

When you log in to your online account or ask us for a quote, our website pages are secure, which means all the personal details you type in are encrypted before they’re sent to us.

We store and use all personal information securely, so it can't be read by anyone who doesn't need to see it.

When you get in touch with us, we'll ask you a couple of security questions before we share any personal details, just to check it's you.

When we use other organisations to help us provide services and manage your account, we have appropriate contracts in place, which limits their use of your data to only what we have asked them to do. We provide only the information they need to perform their specific services and we work closely with them to ensure that your privacy is respected and protected at all times. If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

What happens if we send your data out of the European Economic Area?

Data protection laws allow us to transfer personal data to organisations in countries within the European Economic Area (EEA), as those countries are signed up to the same laws and have to have the same controls and safeguards in place to protect your data. We may transfer your personal data to an organisation in a country outside the EEA, in which case we will only do so where the European Commission has declared that the receiving country has an adequate level of protection, or we have a contract in place which includes appropriate data protection clauses requiring that your data is handled to the same standards as we uphold.

If your data is being transferred outside the EEA, then you can obtain details of the relevant safeguards by contacting our Data Protection Officer.