EDF privacy and cookie policy

Privacy and Cookie Policy

Personal Data Privacy – what we collect; how we collect and why we collect data about you

EDF Energy respects your privacy and values the trust you place in us when you share your personal data with us. The data we collect about you will depend on your use of this website and your relationship with EDF Energy. To find out more about what personal data we collect, how we collect it and what we use it for, click on the relevant link below. These links take you to our Privacy Notices, which also provide details on which EDF Energy group company is the “controller” of your data and who to contact if you have any questions as to how we handle your information:

If you are a Customer who has procured, or is seeking to procure, energy supply or services from EDF Energy, please click on the customer's privacy notice tab below
Employees of EDF Energy should view the EDF Energy employee privacy policy
If you are a Third Party, such as a visitor to EDF Energy sites, or a contractor working at or with EDF Energy (including agency supplied workers, managed service workers and embedded contractors), please view the Third Parties' Privacy Notice.

This policy and our Privacy Notices will be changed from time to time but if we change anything important about it (e.g. the information we collect, how we use it or why) we will highlight those changes to you.

edfenergy.com (and other EDF Energy owned websites) Cookies

This section tells you how we use cookies on all EDF Energy owned websites and how you can manage them

What are cookies?

Cookies are small text files that are stored on your computer by your web browser. We use them to identify how visitors arrive at our site and the subsequent path they take through it. This helps us to improve our service to you.

EDF Energy does not use cookies to collect or store Personally Identifiable Information (PII).

How to control the use of cookies

Manage my cookie preferences

If you wish to restrict or block cookies set by this Website, or any other website, you can do this through your browser settings. The "Help" function within your browser should give details of how to do this. Alternatively, you can find more details on how to control or delete cookies at www.allaboutcookies.org

Please note that you may not be able to use many of the services on our Website or Apps or other websites without cookies.

How edfenergy.com uses cookies

Our website currently uses cookies and some of our third party suppliers use our Website to set cookies on our behalf for internet marketing and performance optimisation.

While on this Website your web browser may interact with content from different servers and therefore cookies from other sources may be set on your computer during a visit to this site.

Optimizely cookies

EDF Energy uses Optimizely cookies to store information about your visit to our site, helping us understand how our site is being used. We use this information to show you different content that best fits your needs, as well as allowing us to test what type of content is most popular, thus improving the user experience. All information is anonymous. These cookies do not identify you as an individual.

Use the tabs below to view a description of the types of cookie that are used, why they are used and details of the individual cookies.

Customers Privacy Notice

EDF Energy Customers Limited ("we") respects your privacy and values the trust you place in us when you share your personal information with us. This policy sets out how we, as data controller, collect and use your personal information, why we use it, with whom we share it, the rights to which you may be entitled and your choices about our use of your personal information, that may arise from you buying and using our products and services.

This policy will be changed from time to time but if we change anything important about this policy (the information we collect, how we use it or why) we will highlight these changes in bold text for a reasonable length of time following the change.

If you have any questions or need any further clarity, please get in touch with our Data Protection Officer: dpo@edfenergy.com or at 90 Whitfield Street, London WIT 4EZ.

Summary

We collect certain types of information from you, or about you, throughout our interaction with: you, third party service providers or publicly-available sources. This information often consists of things like your name, address and contact details, but can also include consumption data and metering information. We use this information for the activities we have listed in the table below: in order for us to provide our services; comply with legal and regulatory obligations; for marketing and reporting purposes; prevention of fraud and investigation of complaints.

We use this information for various activities in order to: provide our services; comply with legal and regulatory obligations; for marketing and reporting purposes; prevention of fraud and investigation of complaints, including those activities we have listed in the table below.

	What we collect This category of information we collect about you includes:	How we use it We use this information for certain activities, including to:	Why we use it We use this information because:
Information that you give us in order for us to set up and manage your account:	Your contact details including: your name, address, email address; phone number and the contact details of people associated with your account; Your bank account details and other financial information; Information about you such as gender; age; occupation; marital status and national identifiers; The product purchased; Your username; Your password; Your account preferences; Your account number; Information relating to your previous supplier; Consumption data and metering information.	Provide our products and services; Take payment from you and for all other billing purposes; Onboard you as a client; Help us to ensure that our customers are genuine and to prevent fraud; Transfer your account to another supplier if necessary; Reporting and account management; Debt collection and debt assignment purposes (including tracing your whereabouts or transferring the debt to debt collection agencies or debt purchasers or other suppliers and sharing this information with credit reference agencies); To facilitate all requirements in order to carry out smart metering obligations, such as assessing eligibility, booking meter installations, taking meter reads; To tell you about the different services we could offer you, including different payment methods and products.	It’s necessary to perform the contract; We have a legitimate business interest to: ensure that we can onboard you as a customer and manage your account throughout; tell you about the various products and services we can offer.
Information about the way you use our services:	Details on products or services we have provided or you’ve purchased; When and where you made these purchases; What you paid for them and how you paid; Whether you’ve opened electronic communications from us; Whether you’ve clicked on links in electronic communications from us; How you use our website Your meter installations, usage and other metering information such as MPANs; Marketing preferences; Marketing information (previous communication data; transaction history); Information you send us when you register your interest in a product/service/trial or take part in competitions/innovations.	Develop new services; Improve our services; Identify EDF Energy and related third party’s products, services and marketing of these that may be of interest to you; Determine future pricing and tariffs; Personalise our service of things you’re interested in and how you use our services; Statistical analysis, research, and reporting; Help to train our staff; Take part in government or industry initiatives; Test computer systems; Keep a record of the information which you have been provided; Debt collection and debt assignment purposes (including tracing your whereabouts or transferring debt to debt collection agencies or debt purchasers or other suppliers and sharing this information with credit reference agencies); Calculate consumption; Detect, prevent and investigate suspected and confirmed theft of energy/fraud.	We have a legitimate business interest to: improve our services and better understand how our customers use them; ensure that we are better able to personalise our offers to you; ensure that outstanding debts are paid; protect our business interests by ensuring that our customers are genuine and consumption is as accurate as possible. It is necessary to perform the contract; In addition to the above, where we have obtained your consent to use the data in this explicit way, then we can rely on that consent.
Information we collect from third-party partners and corporate customers which could include:	Credit rating information from credit reference agencies; Bank details and banking information from your bank; Bank details and financial information from payment processing companies; Energy preferences for cross-checking purposes, or to verify data; Potential customer details, like name and email address, from: publicly available sources such as the electoral roll; Royal Mail and Council Tax websites in order to confirm that a property has been demolished following notification from a third party; and price comparison entities; lead generation companies and energy brokers who direct you to us. Details on products or services we have provided or you’ve purchased. A list of these entities can be found here.	Provide our services; Calculate estimated consumption; Manage and administer our systems; To help to make decisions regarding credit and related services for you; Take payment from or give you a refund; Help us to ensure that our customers are genuine and to prevent fraud; Personalise our service to you; Statistical analysis and research into our clients; Combine this information with other kinds of information mentioned above; Engage brokers of price comparison sites so that they can list our prices and services on their websites/mobile applications and provide you with price comparison services; Organise the attendance of meter operators at your address to install or monitor usage Debt collection purposes (including tracing your whereabouts or transferring debt to debt collection agencies or debt purchasers and sharing this information with credit reference agencies);	We have a legitimate business interest in: developing and maintaining relationships with vendors, partners and other companies and dealing with individuals who work for them; conducting research to improve our services; ensure that outstanding debts are paid. It is necessary to perform the contract; In addition to the above, where we have obtained your consent to use the data in this explicit way, then we can rely on that consent.
Information that we collect from you in order to comply with all relevant laws, regulations, industry codes and government instructions, and to deal with complaints:	Your contact details; Health and medical data; National identifiers; Consumption data; Financial information (bank account details; credit check records; debit/credit card details); Pension credit information. Body camera visual and audio footage of site and / or installation visits.	Report to Ofgem; Report to the Department for Business, Energy and Industrial Strategy; Fulfil ECO credits; Fulfil the Green Deal scheme; Fulfil government initiatives such as the Warm Home Discount scheme; Monitor and service your account appropriate to your needs; Update the Priority Services Register and work with the Distribution Network Operators; Investigate incidences of potential, or actual, theft of energy; Respond to requests made by law enforcement or regulatory authorities, bodies or agencies, or in the defence of a legal claim. To help us monitor and audit customer site visits.	We need to comply with legal obligations; We have a legitimate business interest in: investigating possible/actual incidences of theft; resolving any complaints we may receive; ensuring that we comply with our regulatory and legislative obligations. In addition to the above, where we have obtained your consent to use the data in this explicit way, then we can rely on that consent – specifically with respect to medical and health data.
Information when you communicate with us whether in person, through our website or via email, over the phone, through social media or via any another medium, including:	Your contact details; The details of your communications with us; The details of our messages to you; Your marketing preferences; Marketing information; Metering information.	Answer any issues or concerns; Monitor customer communications for quality and training purposes; Develop new services; Improve our services; Personalise our service; Deal with any complaints; Assist with fraud investigations.	We have a legitimate business interest in: understanding customer feedback and in responding to customer communications in a consistent manner; ensuring that we are better able to personalise our offers to you. It is necessary to perform the contract; In addition to the above, where we have obtained your consent to use the data in this explicit way, then we can rely on that consent.
Information that we collect incidentally from other sources or public sources, including:	Information presented on our social media or wider media platforms such as Facebook or Twitter; Information collected by security systems; Information provided by Citizens Advice, the Energy Ombudsman or solicitors; Information relating to energy consumption and contact details from energy registers, landlords, letting and managing agents, gas transporters and network distributors.	Maintain market awareness; Build and maintain social media branding, and our branding in general; Deal with complaints received; Address subject access requests; Check and confirm validity and maintain the accuracy of data we hold in our systems about you or premises we supply; To locate premises that have been demolished so that we can remove supply.	We have a legitimate business interest in: providing security over our business; maintaining a public profile within the media; resolving customer’s complaints; maintaining the accuracy of data we hold. In addition to the above, where we have obtained your consent to use the data in this explicit way, then we can rely on that consent.

Automated decision making

We may make automated decisions on certain matters. For example, we may do this to decide whether we can provide our services to you based on our group records or a credit check. This will be informed by credit scoring where we share your information with credit reference agencies, screening on databases and confirmation of your information (including by third parties). Depending on the outcome of the credit check, a decision will be reached automatically as to whether we are able to provide products or services to you based on your creditworthiness.

If this information is not provided we cannot agree to provide a product or service for you.

Information we share

There are certain circumstances where we may transfer your personal data to employees, contractors and to other third parties Some examples of when your personal information is transferred to other third party organisations are as follows:

We may share information about you with other members of our group of companies so that we can provide the best service across our group. They are bound to keep your information in accordance with this Privacy Notice;
We may also share your information with certain contractors or service providers and they may process your personal data for us. They are always required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided in connection with the performance of their function. View a list of these entities.
If we're discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality – or if sold, to buyers who can continue to provide services to you;
If we're required to by law, or under any regulatory code or practise we follow, or if we are asked by any public or regulatory authority – for example, the Police; Ofgem or BEIS – or to defend any legal claims;
Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data
If you have an account with us we may share information about you and your account (including details of any outstanding debt or borrowing) with the below credit reference agencies. The identities of the credit reference agencies, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the credit reference agencies are explained in more detail in the Credit Reference Agency Information Notice (CRAIN). CRAIN is accessible from each of the three credit reference agencies by clicking on the CRAIN links below.
TransUnion (formerly Callcredit), Customer Relations, One Park Lane, LEEDS, LS3 1EP Phone: 0330 024 7574. Websites: Transunion, CRAIN.
Equifax PLC Credit File Advice Centre PO Box 3001 Bradford BD1 5US Phone: 0870 010 0583 Website: Credit Scores, Reports and History (Equifax UK). CRAIN: Credit Reference Agency Information Notice (CRAIN) (Equifax UK).
Experian Consumer Help Service PO Box 8000 Nottingham NG80 7WF Phone: 0870 241 6212 Website: Experian. CRAIN: Credit Reference Agency Information Notice (CRAIN) (Experian).
If you decide to change suppliers, we may share such information with the new supplier.
Details in relation to how this information will be used can be obtained directly from the credit reference agencies. Please note their information uses may not be the same for each so it is worth contacting them all; they may charge you a small statutory fee.
Your personal data will be shared with the Department for Business, Energy and Industrial (BEIS) to support administration of the Energy Bills Support Scheme (EBSS). Such data sharing will consist of your meter point number, status of your EBSS payments and data relating to your meter point including your billing cycle and how you pay your bill. BEIS is collecting and processing this information in the public interest and in exercise of official authority vested in the Secretary of State for BEIS.
You can find more information on how BEIS will use your personal data in the BEIS Privacy Notice.
For non-domestic customers who do not operate as limited companies, your personal data will be shared with the Department for Business, Energy and Industrial (BEIS) to support administration of the Energy Bill Relief Scheme (EBRS). Such data sharing will include your meter point number, the status and amount of your EBRS payments and data relating to your meter point including your billing cycle and how you pay your bill. BEIS is collecting and processing this information in the public interest and in exercise of official authority vested in the Secretary of State for BEIS.
You can find more information on how BEIS will use your personal data for the EBRS in the BEIS Privacy Notice.
For customers who have a smart meter installed or enter into a new contract with us, in the future we’ll be able to use your half hourly smart meter data to help meet our net zero targets and manage a smarter more flexible energy system. This is planned by Ofgem to start in 2024/2025. We’ll write to eligible customers nearer the time to tell you more about this and how it will work.

Where your information will be held

When we share your information, your information may be transferred outside the European Economic Area.

We store our information on cloud servers located in the USA, or engage vendors which do not always have equivalent data protection laws to those applicable in Europe. The transfer of this information is therefore governed by a contract including standard contractual clauses (SCCs) approved by the European Commission. Our client on-boarding team is based in India which does not have equivalent data protection laws to those applicable in Europe. The transfer of information to them is according to company rules that set out how we treat and protect information.

When you provide us with this information you are consenting that we may collect and use it in the way we've set out.

We will keep your information for as long as it is reasonably necessary. It will depend on factors such as whether you've still got an active account or any outstanding debt with us or have interacted with recent offers. We will retain and use your registration information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

We will only transfer data to jurisdictions outside the scope of the European General Data Protection Regulation (GDPR) where the appropriate safeguards set out in the GDPR are in place.

Your rights

You may have certain rights in relation to your information including a right to access or to correct the information we hold on you. Some of these rights will only apply in certain circumstances, however, such as the right to be forgotten or the right to request that we move your information to another company. They will generally not be available if there are outstanding contracts between us, if we required by law to keep the information or if the information is relevant to a legal dispute. If you would like to exercise or discuss any of these rights, please contact the Data Protection Officer.

You can remove consent, where you have provided it, at any time, as well as update any of your opt-in marketing preferences by phoning us on 0333 200 5100, or logging into your account on MyAccount;
You can ask us to confirm if we are processing your information;
You can ask for access to your information;
You can ask to correct your information if it's wrong;
You can ask us to delete your information;
You have a right to be forgotten and you can ask that our systems stop using your information;
You can ask us to restrict how we use your information;
You can ask us to help you move your information to other companies;
You can ask us to stop using your personal information, but only in certain cases;
You have the right to complain to the relevant supervisory authority.

Security and accuracy

We are committed to keeping your personal information safe. We've got physical, technical and administrative measures in place to prevent unauthorised access or use of your information. We also require that our suppliers protect such information from unauthorised access use and disclosure.

We will also routinely refresh our information to ensure we keep it up-to-date.

Website Privacy Policy and Cookie Policy

View our Website Privacy Policy.

Download

EDF Energy Bespoke Cookies

Bespoke cookies set by the EDF Energy website.

EDF Energy cookies

Bespoke cookies set by the EDF Energy website

Cookie name	Description	Expiry
EDF MyAccount Remember Me Username	Enables 'Remember me' functionality on login forms, when the option is selected.	1 year
cookie-agreed	Stores the response to the cookie notification popup.	never
has_js	Indicates to the page whether JavaScript is enabled.	never
utm	Stores the utm parameters from the URL for a period of 365 days.	1 year

MyAccount cookies

MyAccount cookies are essential and are used to enable you to move around your self-service area and use its features. Without these cookie services, parts of the MyAccount site may not function correctly.

Cookie Name	Description
SAPLB_*	saplb-Cookie is the load balancing identifier
JSESSIONID	jsessionid-Cookie is the J2EE session identifier
PORTALALIAS	My-account works with ALIAS names for navigation redirection purpose. When we do enable the portal alias in web.xml then the cookie gets generated by SAP application server
_utma, _utmb, _utmc, _utmz	Related to Google analytics cookie
MYSAPSSO2	Cookie gets generated as a part of logon to the SAP portal, generated by SAP application server
BNES*	Barracuda cookies which is duplicate of SAP cookies with digital signatures
BNIS*	Cookies from Barracuda with holds info on authentication
BNI_persistance	Cookies from Barracuda for load balancing
mgea mgft b2bpc b2bsup b2bct bpc bea bft bes bgs edfhash80 edfhash112	Temporary cookie stored to pass information between pageviews. Cleared immediately after being read
_#atc	Only for users in phone quote sales (not public users)

Website Analytics cookies

Website analytics cookies are used to identify how users interact with our site, so that we can see things like the most popular pages and the journey users take though our site.

DC Storm cookies

Non-Cross Domain Tracking: 1st Party Cookies
Non-cross domain tracking uses first party cookies only. These cookies are written in the domain of the site being tracked.

Cookie name	Description	Expiry
_#srchist	Stores the history of traffic sources the user has arrived to the site by	1000 days
_#sess	Stores information about the session	1000 days
_#vdf	Stores the visit definition – ts type, number of visits, expiry	1000 days
_#uid	Stores a user identifier (only within a site)	1000 days
_#slid	Unique sale ID	1000 days
_#clkid	Unique identifier for a click generating a landing	1 year
_#lps	Flags that the last page was secure and therefore has no referrer	20 min
_#tsa	Stores the referrer details to avoid duplicate Landing events	10 min
_#env	Flags whether the environment variables (screen size, browser etc) need to be collected again	30 days

Cross Domain Tracking: 3rd Party Cookies
Cross-domain tracking uses 3rd party cookies to enable spanning of domains. The availability of third party cookies is tested – if not available a 1st party cookie is used instead, with reduced tracking ability.

Cookie name	Description	Expiry
_#stc[site id]	This is the third party cookie used to store all the other cookie data in concatenated form. The Cookie’s name has the site ID in it.	1000 days
_#nxd	This is a 1st party cookie used when access to the third party cookie is blocked. It stores the data similar to the _#stc cookie.	1000 days

Google Analytics Cookies

Google Analytics cookies are written in the domain of the site being tracked.

Cookie name	Description	Expiry
_ga	This cookie name is asssociated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. The new service reduces the reliance on cookies in general, and only sets this and one other - _gat, although Google also say data can be collected without setting any cookies. This cookie is used to distinguishes unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners. sed to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.	2 years
_gat	This cookie name is associated with Google Universal Analytics, according to documentation it is used to throttle the request rate - limiting the collection of data on high traffic sites. It expires after 10 minutes. The main purpose of this cookie is: Performance	10 mins
__utma	This cookie is typically written to the browser upon the first visit to your site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits your site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to your site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure.	2 years from set/update
__utmb	This cookie is used to establish and continue a user session with your site. When a user views a page on your site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on your site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on your site for longer than 30 minutes. You can modify the default length of a user session with the _setSessionCookieTimeout() method.	30 minutes from set/update
__utmc	This is one of the four main cookies set by the Google Analytics service which enables website owners to track visitor behaviour and measure site performance. It is not used in most sites but is set to enable interoperability with the older version of Google Analytics code known as Urchin. In this older versions this was used in combination with the __utmb cookie to identify new sessions/visits for returning visitors. When used by Google Analytics this is always a Session cookie which is destroyed when the user closes their browser. Where it is seen as a Persistent cookie it is therefore likely to be a different technology setting the cookie.	session
__utmt	This cookie is set by Google Analytics. According to their documentation it is used to throttle the request rate for the service - limiting the collection of data on high traffic sites. It expires after 10 minutes	10 mins
__utmv	This cookie is not normally present in a default configuration of the tracking code. The __utmv cookie passes the information provided via the _setVar() method, which you use to create a custom user segment. This string is then passed to the Analytics servers in the GIF request URL via the utmcc parameter. This cookie is only written if you have added the _setVar() method for the tracking code on your website page.	2 years from set/update
__utmx	This cookie is used by Website Optimizer and only set when the Website Optimizer tracking code is installed and correctly configured for your pages. When the optimizer script executes, this cookie stores the variation this visitor is assigned to for each experiment, so the visitor has a consistent experience on your site. See the Website Optimizer Help Center for more information.	6 months from set/update
__utmz	This cookie stores the type of referral used by the visitor to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within your own site. The cookie is updated with each page view to your site.	6 months from set/update

You can find the Google Analytics Opt-out Browser Add-on to opt-out.

Crazy Egg

Cookie name	Description	Expiry
is_returning	1st party cookie that does not include any Personally Identifiable Information to assess usage patterns on the website.	Persistent cookie that's stored on your computer in-between sessions

Maxymiser

Cookie name	Description	Expiry
mmcore.pd, mmcore.srv	Used to store anonymous identifiers. They enable the optimisation platform to remember a visitor and to serve them with the appropriate content while ensuring a fast load of the web page.	Persistent cookie that is stored on your computer in-between sessions
mmid, mmpa.rh, mmcore.id	These 3 cookies are obsolete. They were used in a previous version of the maxymiser platform, and will eventually expire within 12 months.	Persistent cookie that is stored on your computer in-between sessions
Maximyser-mmcore.tst, mmpa.tst	This cookie is used by the platform as a test to see whether or not browser settings allow cookies to be set on the end-user machine. Mmpa.tst is a previous version of the same cookie.	This is a session-basedcookie that is deleted when you leave the site.
mm_[description]	Sometimes maxymiser need to create a custom cookie to deliver particular functionality on the website. These are prefixed with mm_.	Persistent cookie that is stored on your computer in-between sessions

New Relic cookies

New Relic uses an enhanced version of the Episodes JavaScript library to perform browser measurements, the same library used by Google Analytics. Page load timing (sometimes referred to as real user monitoring or RUM) also creates the following cookies in end-user browsers.

Cookie name	Description	Expiry
NREUM	This cookie is only created in browsers that do not support the Navigation Timing API. When a browser supports the Navigation Timing API, a native interface can be used to determine navigation start time.	NREUM is a session cookie that is deleted when the browser closes.
NRAGENT	This cookie is created only when a token is handed out to an end user by the New Relic server. End user metrics are communicated to New Relic servers via a JSONP request from the browser (script retrieval). The returned JavaScript contains a call to set the token identifier which is written to the cookie on the next navigation (when the page unloads). This achieves a cross-domain communication between New Relic servers and the New Relic agent. This cookie is used to communicate between the New Relic server aggregating end user metrics and the agent(s) running in the associated web application. A token identifies and correlates application tier transaction traces with corresponding browser traces.	NRAGENT is a session cookie that is deleted when the browser closes.
JSESSIONID	The JSESSIONID cookie is used to store a session identifier so that New Relic can monitor session counts for an application. The cookie value is generated by Jetty.	JSESSIONID is a session cookie that is deleted when the browser closes.

SessionCam cookies

The following cookies are set when a user visits a website that SessionCam is recording:

Cookie name	Description	Expiry
sc.ASP.NET_SESSIONID	Session cookie which, allows us to maintain a session related to the end user	Session
sc.ASP.NET_SESSIONID	Session cookie which allows us to maintain a session over multiple domains.	Session
sc.UserId	Allows us to track repeat visits from end users	1 year
sc.Status	Allows us confirm that recording status	Session

Third party cookies

EDF Energy uses a number of suppliers who also set cookies on the edfenergy.com website on its behalf or on their own sites in order to deliver the services that they are providing. If you would like more information about the cookies used by these suppliers, please see the list below.

Liveperson.net

Cookie Name	Set by (domain)	Description	Expiry
HumanClickKEY	server.lon.liveperson.net liveperson.net	These cookies are set to maintain the visitor session and to track repeat visitors when they click to chat	1 year
HumanClick SiteContainerID
HumanClickACTIVE
LivePersonID

The companies listed below are some of the providers who work with website operators to collect and use information to provide online behavioural advertising.

Visit Your Online Choices — ad choices where you can use the buttons to control your online behavioural advertising preferences. You can turn off or turn on all companies or alternatively set your preferences for individual ones. By clicking on the button you can find out more about the company itself as well as its behavioural advertising status on the web browser you are using.

awin1.com

Cookie Name	Set by (domain)	Description	Expiry
Aw(merchantid) AWSESSawpv9	awin1.com	Save data for tracking	variable
(merchantid)		Holds link id of currently displayed banner	session
aw3		Identify the affiliate_id and click time	variable
AW		Identify referring affiliate	90 days
_aw_m_(clickid)		Track sale / lead	variable

Google

Cookie Name	Set by (domain)	Description	Expiry
HTTP code - Google Code for EDF Eco X Remarketing List	Google	marketing tag - this piece of code places a cookie on the users system so that we can retarget that particular user with display ads for a given period of time.	30 days
Numerous	apis.google.com, accounts.google.com	Provide functionality for Google+ share buttons, when on the page.	per page

iFAQ

Cookie Name	Set by (domain)	Description	Expiry
cp_session oracle.uix	Custhelp.com	Stores session specific user data.	Session

Kampyle

Cookie Name	Description	Expiry
session_start_time	The time and date that the push invitation was triggered	Session
k_visit	Counts the number of user visits	1 year
k_push8	A cookie that retains the 21 day invitation opt-out time limit. This is set if / when a user declines a proactive feedback push invitation	21 days
push_time_start	The time and date that the push invitation was triggered	Session
k_vectors	A shared visitor identifier used to support Omniture integration	Session
k_track	An identifirer used to support Funnel Reporting integration

Youtube

Cookie Name	Set by (domain)	Description	Expiry
Numerous	youtube.com	Provide functionality for YouTube videos, when played	per page

Addtoany

Cookie Name	Set by (domain)	Description	Expiry
_cfduid, _utma, _utmc, _utmz, page_services, uvc	static.addtoany.com	Provide functionality for social sharing icons, when on the page.	per page

Powervault

Cookie Name	Set by (domain)	Description	Expiry
woocommerce_cart _hash	batterystorage.edfenergy.com	Information about the cart and tracks when cart data changes	When the browsing session ends
woocommerce_items _in_cart	batterystorage.edfenergy.com	Information about the cart and tracks when cart data changes	When the browsing session ends
wpwoocommerce _session	batterystorage.edfenergy.com	Contains a unique code for each customer so that it knows where to find the cart data	48 hours
wordpress logged_in	batterystorage.edfenergy.com	Indicates when you're logged in, and who you are	When the browsing session ends
wordpresssec	batterystorage.edfenergy.com	Indicates when you're logged in, and who you are	When the browsing session ends

Radbot

Cookie Name	Set by (domain)	Description	Expiry
wc_cart_hash_#	trv.edfenergy.com	Information about the cart and tracks when cart data changes	Session
wc_fragments_#	trv.edfenergy.com	Stores visitor's login information so they don’t need to keep logging in if browser closed	Session

MyCampus cookies

Cookie Name	Description
MOODLEID1_*	encrypted username
MoodleSession	session name
_saml_idp	SAML domain cookie

How we protect your personal information

EDF Energy takes the protection of our customer’s information very seriously.

For security reasons, as with all organisations, it wouldn’t be appropriate for us to disclose specific details as to how we protect information. We’ve taken a ‘defence in depth’ approach to Information Security, especially regarding our online services.

Our systems are kept up-to-date and we test our online services to make sure they’re secure and that unauthorised access is prevented.

NNB third party privacy notice

EDF Group of the ESPS (the Group) Privacy Notice