Privacy and Cookie Policy for (the Website)

Last updated: June 2017

This Privacy and Cookie Policy tells you how we will use information provided by you or collected about you when you use the Website (which includes, but is not limited to, MyAccount and MyCampus) or our mobile applications, including the EDF Energy Amazon Skill and the MyAccount application (together the “Apps”). It also explains what cookies we use on this Website.

Please read this Privacy and Cookie Policy carefully before you use the Website, or the Apps. It is a legally binding agreement and contains important information on your legal rights and obligations.

By using this Website or the Apps you accept this Privacy and Cookie Policy and agree to abide by it.

Expressions used but not defined in this Privacy and Cookie Policy will have the meanings set out in the Website Terms, EDF Energy MyAccount Terms and Conditions of Use and the Alexa Terms and Conditions of which this Privacy and Cookie Policy forms a part.

Changes to this Privacy and Cookie Policy

We may revise and update this Privacy and Cookie Policy at any time and will indicate at the top of this page when this Privacy and Cookie Policy was last revised. Please periodically review the Privacy and Cookie Policy, as your continued use of the Website or the Apps indicates your agreement with any changes that we make.

Information We Collect

We collect certain personal information about you when you visit and/or register on the Website, or the Apps. The data collected will generally fall into one of four categories:

Information you give us: You may give us information about you by filling in forms on the Apps or the Website, or by corresponding with us (for example, by e-mail or chat). This includes information you provide when you register to use our Apps, download or register on our Apps, subscribe to any of our services, search for a mobile application or service, make a purchase on the Website, share data via our App's social media functions, enter a competition, promotion or survey, and when you report a problem with the Website or the Apps. The information you give us may include your name, address, e-mail address and phone number, information pertaining to the device used and other registration information, and financial information, personal description and photograph.

Information we collect about you and your device, and usage: Each time you visit our Website, or our Apps, we may collect the following information:

  • technical information, including the type of mobile device you use, a unique device identifier (for example, your device's IMEI number, the MAC address of the device's wireless network interface, or the mobile phone number used by the device), mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting, IP addresses, browser types;
  • information stored on your device, including login information, photos, videos or other digital content, check ins;
  • details of your use of the Apps or your visits to the Website [including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise] and the resources that you access through the use of cookies. Please see the section entitled " Cookies" below.

Location information: We may also use GPS technology to determine your current location through your use of our Apps or using your mobile to access the Website on your phone. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose.

Information we receive from other sources: We may also partner with certain third parties to deliver advertisements and monitor activities on our Website, or Apps, and in doing so these third parties may use cookies or other methods of monitoring traffic about the Website or App visitors.

If you contact us we may keep a record of that correspondence.

Use and Storage of Your Information

This section explains how we will use your personal information. We may use the personal information you provide to us via the Website or Apps for the purposes of:

  • hosting, administering, improving the Website and Apps, or the services we offer via the Website or Apps;
  • providing you with the information your request from us and keeping a record of the information with which you have been provided;
  • to notify you about any changes to our Website or Apps, such as improvements or service/product changes, that may affect the service of the Website or Apps;
  • asking you to participate in surveys and feedback relating to the Website or Apps and for processing and analysing the results of that survey or feedback internally;
  • exercising our rights and performing our obligations under the Website Terms; the Alexa Terms and Conditions and/or the EDF Energy MyAccount Terms and Conditions of Use under your energy supply contract with us;
  • providing you with information about any services we or third parties provide that we believe may be of interest to you;
  • for other purposes clearly stated on the page or other method in which you provide your information to us; 
  • to comply with legislation and regulatory laws, or other legal requirements; 
  • to share with companies within the EDF Energy group, and with trusted third parties who are contractually obligated to keep such information confidential and to use it only to provide the services that we have asked them to perform; 
  • to verify your identity and/or location to allow access to your account and to conduct online transactions; and
  • as is necessary for you to enjoy the benefits associated with use of the Website and Apps. 

Storage of Your Information

All information you provide to us is stored on our secure servers. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted. Where we have given you (or where you have chosen) a password that enables you to access certain parts of the Website or Apps, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Website or the Apps; any transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access.

Sharing of Your Information

We may share your personal information with third parties in the following ways:

  • we may use third parties to process personal information on our behalf. (For example, we may use a third party to provide website or mobile application hosting services or to facilitate the provision of information to you or to provide services on our behalf);
  • we may share your personal information with third parties who may contact you directly in relation to goods or services which may be of interest to you;
  • we will release your personal information when we are required to do so for legal or regulatory purposes or as part of legal proceedings or to assist fraud protection;
  • we may disclose your identity and contact details to a third party who is claiming that any content posted or uploaded by you is a violation of their rights or who has otherwise been harmed by you in relation to your use of the Website or the Apps. You will provide us with all relevant information relating to that claim without delay;
  • we will release your personal information to others when you have given your consent to that release;
  • we may give personal information we hold about you to third parties as part of the process of selling our business; and/or
  • in some circumstances, we may transfer your personal information to countries outside of the European Economic Area. If this occurs we will take steps to ensure that adequate measures are taken to protect your personal information.

Email Communications

To unsubscribe from marketing emails, simply click on the ‘unsubscribe’ link in the footer of the emails or update your communication preferences by logging into or registering for MyAccount and going to the About Me section.

Your rights

You have the right to ask us not to process your personal data for marketing purposes, to the extent that is within our control. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at 0800 056 7777.

Our Website or Apps may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Online and Mobile preferences Cookies

This section tells you how we use cookies and how you can manage them

What are cookies?
Cookies are small text files that are stored on your computer by your web browser. We use them to identify how visitors arrive at our site and the subsequent path they take through it. This helps us to improve our service to you.

EDF Energy does not use cookies to collect or store Personally Identifiable Information (PII).

How to control the use of cookies
If you wish to restrict or block cookies set by this Website, or any other website, you can do this through your browser settings. The "Help" function within your browser should give details of how to do this. Alternatively, you can find more details on how to control or delete cookies at

Please note that you may not be able to use many of the services on our Website or Apps or other websites without cookies.

How uses cookies
Our website currently uses cookies and some of our third party suppliers use our Website to set cookies on our behalf for internet marketing and performance optimisation.

While on this Website your web browser may interact with content from different servers and therefore cookies from other sources may be set on your computer during a visit to this site.

Optimizely cookies

EDF Energy uses Optimizely cookies to store information about your visit to our site, helping us understand how our site is being used. We use this information to show you different content that best fits your needs, as well as allowing us to test what type of content is most popular, thus improving the user experience. All information is anonymous. These cookies do not identify you as an individual.

How we protect your personal information

EDF Energy takes the protection of our customer’s information very seriously.

For security reasons, as with all organisations, it wouldn’t be appropriate for us to disclose specific details as to how we protect information. We’ve taken a ‘defence in depth’ approach to Information Security, especially regarding our online services.

Our systems are kept up-to-date and we test our online services to make sure they’re secure and that unauthorised access is prevented.

Use the tabs below to view a description of the types of cookie that are used, why they are used and details of the individual cookies.

EDF Energy cookies

Bespoke cookies set by the EDF Energy website

Cookie nameDescriptionExpiry
EDFMyAccountRemember MeUsername Enables 'Remember me' functionality on login forms, when the option is selected. 1 year
cookie-agreed Stores the response to the cookie notification popup. never
has_js Indicates to the page whether JavaScript is never

MyAccount cookies

MyAccount cookies are essential and are used to enable you to move around your self-service area and use its features. Without these cookie services, parts of the MyAccount site may not function correctly.

Cookie NameDescription
SAPLB_*saplb-Cookie is the load balancing identifier
JSESSIONIDjsessionid-Cookie is the J2EE session identifier 
PORTALALIASMy-account works with ALIAS names for navigation redirection purpose. When we do enable the portal alias in web.xml then the cookie gets generated by SAP application server
_utma, _utmb,
_utmc, _utmz
Related to Google analytics cookie
MYSAPSSO2Cookie gets generated as a part of logon to the SAP portal, generated by SAP application server
BNES*Barracuda cookies which is duplicate of SAP cookies with digital signatures
BNIS*Cookies from Barracuda with holds info on authentication
BNI_persistanceCookies from Barracuda for load balancing
Temporary cookie stored to pass information between pageviews. Cleared immediately after being read
_#atcOnly for users in phone quote sales (not public users)

Website Analytics cookies

Website analytics cookies are used to identify how users interact with our site, so that we can see things like the most popular pages and the journey users take though our site.

DC Storm cookies

Non-Cross Domain Tracking: 1st Party Cookies
Non-cross domain tracking uses first party cookies only. These cookies are written in the domain of the site being tracked.

Cookie nameDescriptionExpiry
_#srchistStores the history of traffic sources the user has arrived to the site by1000 days
_#sessStores information about the session1000 days
_#vdfStores the visit definition – ts type, number of visits, expiry1000 days
_#uidStores a user identifier (only within a site)1000 days
_#slidUnique sale ID1000 days
_#clkidUnique identifier for a click generating a landing1 year
_#lpsFlags that the last page was secure and therefore has no referrer20 min
_#tsaStores the referrer details to avoid duplicate Landing events10 min
_#envFlags whether the environment variables (screen size, browser etc) need to be collected again30 days

Cross Domain Tracking: 3rd Party Cookies
Cross-domain tracking uses 3rd party cookies to enable spanning of domains. The availability of third party cookies is tested – if not available a 1st party cookie is used instead, with reduced tracking ability.

Cookie nameDescriptionExpiry
_#stc[site id]This is the third party cookie used to store all the other cookie data in concatenated form. The Cookie’s name has the site ID in it.1000 days
_#nxdThis is a 1st party cookie used when access to the third party cookie is blocked. It stores the data similar to the _#stc cookie.1000 days

Google Analytics Cookies

Google Analytics cookies are written in the domain of the site being tracked.

Cookie nameDescriptionExpiry
_gaThis cookie name is asssociated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. The new service reduces the reliance on cookies in general, and only sets this and one other - _gat, although Google also say data can be collected without setting any cookies. This cookie is used to distinguishes unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners. sed to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.2 years
_gatThis cookie name is associated with Google Universal Analytics, according to documentation it is used to throttle the request rate - limiting the collection of data on high traffic sites. It expires after 10 minutes. The main purpose of this cookie is: Performance10 mins
__utmaThis cookie is typically written to the browser upon the first visit to your site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits your site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to your site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure.2 years from set/update
__utmbThis cookie is used to establish and continue a user session with your site. When a user views a page on your site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on your site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on your site for longer than 30 minutes. You can modify the default length of a user session with the _setSessionCookieTimeout() method.30 minutes from set/update
__utmcThis is one of the four main cookies set by the Google Analytics service which enables website owners to track visitor behaviour and measure site performance. It is not used in most sites but is set to enable interoperability with the older version of Google Analytics code known as Urchin. In this older versions this was used in combination with the __utmb cookie to identify new sessions/visits for returning visitors. When used by Google Analytics this is always a Session cookie which is destroyed when the user closes their browser. Where it is seen as a Persistent cookie it is therefore likely to be a different technology setting the cookie.session
__utmtThis cookie is set by Google Analytics. According to their documentation it is used to throttle the request rate for the service - limiting the collection of data on high traffic sites. It expires after 10 minutes10 mins
__utmvThis cookie is not normally present in a default configuration of the tracking code. The __utmv cookie passes the information provided via the _setVar() method, which you use to create a custom user segment. This string is then passed to the Analytics servers in the GIF request URL via the utmcc parameter. This cookie is only written if you have added the _setVar() method for the tracking code on your website page.2 years from set/update
__utmxThis cookie is used by Website Optimizer and only set when the Website Optimizer tracking code is installed and correctly configured for your pages. When the optimizer script executes, this cookie stores the variation this visitor is assigned to for each experiment, so the visitor has a consistent experience on your site.  See the Website Optimizer Help Center for more information.6 months from set/update
__utmzThis cookie stores the type of referral used by the visitor to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within your own site. The cookie is updated with each page view to your site.6 months from set/update

Google Analytics Opt-out Browser Add-on:

Crazy Egg

Cookie nameDescriptionExpiry
is_returning1st party cookie that does not include any Personally Identifiable Information to assess usage patterns on the website.Persistent cookie that's stored on  your computer in-between sessions


Cookie nameDescriptionExpiry
mmcore.pd, mmcore.srvUsed to store anonymous identifiers. They enable the optimisation platform to remember a visitor and to serve them with the appropriate content while ensuring a fast load of the web page.Persistent cookie that is stored on your computer in-between sessions
mmid, mmpa.rh, mmcore.idThese 3 cookies are obsolete. They were used in a previous version of the maxymiser platform, and will eventually expire within 12 months.Persistent cookie that is stored on your computer in-between sessions
Maximyser-mmcore.tst, mmpa.tstThis cookie is used by the platform as a test to see whether or not browser settings allow cookies to be set on the end-user machine. Mmpa.tst is a previous version of the same cookie.This is a session-basedcookie that is deleted when you leave the site.
mm_[description] Sometimes maxymiser need to create a custom cookie to deliver particular functionality on the website. These are prefixed with mm_.Persistent cookie that is stored on your computer in-between sessions

New Relic cookies

New Relic uses an enhanced version of the Episodes  JavaScript library to perform browser measurements, the same library used by Google Analytics. Page load timing (sometimes referred to as real user monitoring or RUM) also creates the following cookies in end-user browsers.

Cookie nameDescriptionExpiry


This cookie is only created in browsers that do not support the Navigation Timing API. When a browser supports the Navigation Timing API, a native interface can be used to determine navigation start time.NREUM is a session cookie that is deleted when the browser closes.


This cookie is created only when a token is handed out to an end user by the New Relic server. End user metrics are communicated to New Relic servers via a JSONP request from the browser (script retrieval). The returned JavaScript contains a call to set the token identifier which is written to the cookie on the next navigation (when the page unloads). This achieves a cross-domain communication between New Relic servers and the New Relic agent. This cookie is used to communicate between the New Relic server aggregating end user metrics and the agent(s) running in the associated web application. A token identifies and correlates application tier transaction traces with corresponding browser traces.NRAGENT is a session cookie that is deleted when the browser closes.


The JSESSIONID cookie is used to store a session identifier so that New Relic can monitor session counts for an application. The cookie value is generated by Jetty.JSESSIONID is a session cookie that is deleted when the browser closes.

SessionCam cookies

The following cookies are set when a user visits a website that SessionCam is recording:

Cookie nameDescriptionExpiry


Session cookie which, allows us to maintain a session related to the end userSession


Session cookie which allows us to maintain a session over multiple domains.Session


Allows us to track repeat visits from end users1 year
sc.StatusAllows us confirm that recording statusSession

Third party cookies

EDF Energy uses a number of suppliers who also set cookies on the website on its behalf or on their own sites in order to deliver the services that they are providing. If you would like more information about the cookies used by these suppliers, please see the list below.

Cookie NameSet by (domain)DescriptionExpiry
These cookies are set to maintain the visitor session and to track repeat visitors when they click to chat1 year

The companies listed below are some of the providers who work with website operators to collect and use information to provide online behavioural advertising.

Visit where you can use the buttons to control your online behavioural advertising preferences. You can turn off or turn on all companies or alternatively set your preferences for individual ones. By clicking on the button you can find out more about the company itself as well as its behavioural advertising status on the web browser you are using.

Cookie NameSet by (domain)DescriptionExpiry
awin1.comSave data for trackingvariable
(merchantid)Holds link id of currently displayed bannersession
aw3Identify the affiliate_id and click timevariable
AWIdentify referring affiliate90 days
_aw_m_(clickid)Track sale / leadvariable


Cookie NameSet by (domain)DescriptionExpiry
HTTP code - Google Code for EDF Eco X Remarketing List Googlemarketing tag - this piece of code places a cookie on the users system so that we can retarget that particular user with display ads for a given period of time.30 days, 
Provide functionality for Google+ share buttons, when on the page. per page


Cookie NameSet by (domain)DescriptionExpiry
Custhelp.comStores session specific user data. Session


Cookie NameSet by (domain)DescriptionExpiry
session_start_time The time and date that the push invitation was triggeredSession
k_visit Counts the number of user visits1 year
k_push8 A cookie that retains the 21 day invitation opt-out time limit. This is set if / when a user declines a proactive feedback push invitation21 days
push_time_start The time and date that the push invitation was triggeredSession
k_vectors A shared visitor identifier used to support Omniture integrationSession
k_track An identifirer used to support Funnel Reporting integration 


Cookie NameSet by (domain)DescriptionExpiry
Numerousyoutube.comProvide functionality for YouTube videos, when played per page


Cookie NameSet by (domain)DescriptionExpiry
_cfduid, _utma, _utmc, _utmz, page_services, uvc Provide functionality for social sharing icons, when on the page. per page

MyCampus cookies

Cookie NameDescription
MOODLEID1_* encrypted username
MoodleSessionsession name
_saml_idp SAML domain cookie


EDF Energy registered address

EDF Energy Customers plc. Reg. No. 02228297. Registered office is 90 Whitfield St, London W1T 4EZ