Customers Privacy Notice
EDF Energy Customers Limited ("we") respects your privacy and values the trust you place in us when you share your personal information with us. This policy sets out how we, as data controller, collect and use your personal information, why we use it, with whom we share it, the rights to which you may be entitled and your choices about our use of your personal information, that may arise from you buying and using our products and services.
This policy will be changed from time to time but if we change anything important about this policy (the information we collect, how we use it or why) we will highlight these changes in bold text for a reasonable length of time following the change.
If you have any questions or need any further clarity, please get in touch with our Data Protection Officer: email@example.com or at 90 Whitfield Street, London WIT 4EZ.
We collect certain types of information from you, or about you, throughout our interaction with: you, third party service providers or publicly-available sources. This information often consists of things like your name, address and contact details, but can also include consumption data and metering information. We use this information for the activities we have listed in the table below: in order for us to provide our services; comply with legal and regulatory obligations; for marketing and reporting purposes; prevention of fraud and investigation of complaints.
We use this information for various activities in order to: provide our services; comply with legal and regulatory obligations; for marketing and reporting purposes; prevention of fraud and investigation of complaints, including those activities we have listed in the table below.
What we collect
This category of information we collect about you includes:
How we use it
We use this information for certain activities, including to:
Why we use it
We use this information because:
Information that you give us in order for us to set up and manage your account:
Information about the way you use our services:
Information we collect from third-party partners and corporate customers which could include:
Information that we collect from you in order to comply with all relevant laws, regulations, industry codes and government instructions, and to deal with complaints:
Information when you communicate with us whether in person, through our website or via email, over the phone, through social media or via any another medium, including:
Information that we collect incidentally from other sources or public sources, including:
Automated decision making
We may make automated decisions on certain matters. For example, we may do this to decide whether we can provide our services to you based on our group records or a credit check. This will be informed by credit scoring where we share your information with credit reference agencies, screening on databases and confirmation of your information (including by third parties). Depending on the outcome of the credit check, a decision will be reached automatically as to whether we are able to provide products or services to you based on your creditworthiness.
If this information is not provided we cannot agree to provide a product or service for you.
Information we share
There are certain circumstances where we may transfer your personal data to employees, contractors and to other third parties Some examples of when your personal information is transferred to other third party organisations are as follows:
- We may share information about you with other members of our group of companies so that we can provide the best service across our group. They are bound to keep your information in accordance with this Privacy Notice;
- We may also share your information with certain contractors or service providers and they may process your personal data for us. They are always required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided in connection with the performance of their function. View a list of these entities.
- If we're discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality – or if sold, to buyers who can continue to provide services to you;
- If we're required to by law, or under any regulatory code or practise we follow, or if we are asked by any public or regulatory authority – for example, the Police; Ofgem or BEIS – or to defend any legal claims;
- Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data
- If you have an account with us we may share information about you and your account (including details of any outstanding debt or borrowing) with the below credit reference agencies. The identities of the credit reference agencies, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the credit reference agencies are explained in more detail in the Credit Reference Agency Information Notice (CRAIN). CRAIN is accessible from each of the three credit reference agencies by clicking on the CRAIN links below.
- TransUnion (formerly Callcredit), Customer Relations, One Park Lane, LEEDS, LS3 1EP Phone: 0330 024 7574. Websites: Transunion, CRAIN.
- Equifax PLC Credit File Advice Centre PO Box 3001 Bradford BD1 5US Phone: 0870 010 0583 Website: Credit Scores, Reports and History (Equifax UK). CRAIN: Credit Reference Agency Information Notice (CRAIN) (Equifax UK).
- Experian Consumer Help Service PO Box 8000 Nottingham NG80 7WF Phone: 0870 241 6212 Website: Experian. CRAIN: Credit Reference Agency Information Notice (CRAIN) (Experian).
If you decide to change suppliers, we may share such information with the new supplier.
- Details in relation to how this information will be used can be obtained directly from the credit reference agencies. Please note their information uses may not be the same for each so it is worth contacting them all; they may charge you a small statutory fee.
- Your personal data will be shared with the Department for Business, Energy and Industrial (BEIS) to support administration of the Energy Bills Support Scheme (EBSS). Such data sharing will consist of your meter point number, status of your EBSS payments and data relating to your meter point including your billing cycle and how you pay your bill. BEIS is collecting and processing this information in the public interest and in exercise of official authority vested in the Secretary of State for BEIS.
- You can find more information on how BEIS will use your personal data in the BEIS Privacy Notice.
- For non-domestic customers who do not operate as limited companies, your personal data will be shared with the Department for Business, Energy and Industrial (BEIS) to support administration of the Energy Bill Relief Scheme (EBRS). Such data sharing will include your meter point number, the status and amount of your EBRS payments and data relating to your meter point including your billing cycle and how you pay your bill. BEIS is collecting and processing this information in the public interest and in exercise of official authority vested in the Secretary of State for BEIS.
- You can find more information on how BEIS will use your personal data for the EBRS in the BEIS Privacy Notice.
- For customers who have a smart meter installed or enter into a new contract with us, in the future we’ll be able to use your half hourly smart meter data to help meet our net zero targets and manage a smarter more flexible energy system. This is planned by Ofgem to start in 2024/2025. We’ll write to eligible customers nearer the time to tell you more about this and how it will work.
Where your information will be held
When we share your information, your information may be transferred outside the European Economic Area.
We store our information on cloud servers located in the USA, or engage vendors which do not always have equivalent data protection laws to those applicable in Europe. The transfer of this information is therefore governed by a contract including standard contractual clauses (SCCs) approved by the European Commission. Our client on-boarding team is based in India which does not have equivalent data protection laws to those applicable in Europe. The transfer of information to them is according to company rules that set out how we treat and protect information.
When you provide us with this information you are consenting that we may collect and use it in the way we've set out.
We will keep your information for as long as it is reasonably necessary. It will depend on factors such as whether you've still got an active account or any outstanding debt with us or have interacted with recent offers. We will retain and use your registration information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We will only transfer data to jurisdictions outside the scope of the European General Data Protection Regulation (GDPR) where the appropriate safeguards set out in the GDPR are in place.
You may have certain rights in relation to your information including a right to access or to correct the information we hold on you. Some of these rights will only apply in certain circumstances, however, such as the right to be forgotten or the right to request that we move your information to another company. They will generally not be available if there are outstanding contracts between us, if we required by law to keep the information or if the information is relevant to a legal dispute. If you would like to exercise or discuss any of these rights, please contact the Data Protection Officer.
- You can remove consent, where you have provided it, at any time, as well as update any of your opt-in marketing preferences by phoning us on 0333 200 5100, or logging into your account on MyAccount;
- You can ask us to confirm if we are processing your information;
- You can ask for access to your information;
- You can ask to correct your information if it's wrong;
- You can ask us to delete your information;
- You have a right to be forgotten and you can ask that our systems stop using your information;
- You can ask us to restrict how we use your information;
- You can ask us to help you move your information to other companies;
- You can ask us to stop using your personal information, but only in certain cases;
- You have the right to complain to the relevant supervisory authority.
Security and accuracy
We are committed to keeping your personal information safe. We've got physical, technical and administrative measures in place to prevent unauthorised access or use of your information. We also require that our suppliers protect such information from unauthorised access use and disclosure.
We will also routinely refresh our information to ensure we keep it up-to-date.
EDF Energy Bespoke Cookies
Bespoke cookies set by the EDF Energy website.
How we protect your personal information
For security reasons, as with all organisations, it wouldn’t be appropriate for us to disclose specific details as to how we protect information. We’ve taken a ‘defence in depth’ approach to Information Security, especially regarding our online services.
Our systems are kept up-to-date and we test our online services to make sure they’re secure and that unauthorised access is prevented.