Last updated: 24 May 2018
This policy (together with our terms and any other document referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed, shared and used by us, and how you can exercise your privacy rights. Please read the following carefully to understand our views and practices regarding your personal data.
This policy applies to personal information collected by The Renewable Energy Company Limited (which you know as Ecotricity), a company incorporated in England & Wales (registered no. 03043412) and whose registered office is at Lion House House, Rowcroft, Stroud, Gloucestershire, GL5 3BY. In these terms and conditions “Ecotricity”, “we”, “our” or “us” means Ecotricity, and “you” or “your” means you, our customer.
What does Ecotricity do?
Ecotricity is a renewable energy company supplying electricity to commercial and domestic customers (the “Services”).
For more information about Ecotricity, please see the Our story section of our website.
How we collect your information and why
Information that you provide voluntarily
We collect your personal information when you register with us to receive the Services, use the Services, and use our website under the domain name www.ecotricity.co.uk (the “Website”) or request information or assistance from us.
The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
Should you register to receive the Services, you will be asked to provide certain personal information. This may include your name, address, email, date of birth, certain financial information (including your bank account or bank card details and information that may affect your eligibility for credit), and other personal details that might be useful to us when considering which of our products and services might suit you. We might also request information that is relevant to our wider business, including your gender, interests, preferences and opinions.
Information that we obtain from third party sources
We may collect your personal information from third party sources, but only where we have checked that these third parties either have your consent, are otherwise legally permitted or required to disclose your personal information to us.
We may also collect information about you that is publicly available from public sources such as business directories.
Information that we collect automatically
When you use the Services we collect information about your activities, including the amount of electricity/gas you use, meter readings, peak demand and usage profile.
When you visit our Website, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.
Cookies we use
utm - these come from Google Analytics tools that record pages visited on our site. We use seven of these, (utma, utmb, utmc, utmx, utmxx, utmz, utmx_k) that show when, where and how you access our site.
eZSESSID - generated by the software we use to publish the website, it retains data in forms so we can make using our site easier for you
partner - we use this cookie so you can automatically take advantage of offers from partner organisations.
Voucher_code - We use this so you can automatically take advantage of offer vouchers you have selected.
Invite_code - We use this so you can automatically take advantage of invites you have selected.
SessionCam - These cookies are generated by the software we use to understand and improve the customers’ experience. It records information such as mouse clicks, mouse movements and page scrolling on our website. The recorded sessions are for Ecotricity internal use only and we do not collect any personal data in these sessions. The following link allows you to disable the SessionCam recording whilst on the Ecotricity website: https://sessioncam.com/choose-not-to-be-recorded/
Use of your information
Your information will enable us to supply Services to you and to give you access to all parts of the Website. It will enable us to manage our business and our relationship with you, including by verifying your identity, administering the Services, contacting you where necessary concerning your use of the Services and the Website, and handling any complaints or queries you may have. We will also use and analyse the information we collect so that we can administer, support, improve and develop our business and the Services.
We may use your information for financial reasons, including to invoice you, take card payments, administer your direct debit, manage any disputes over the money you owe us, assess whether you are eligible for credit, manage your credit account, recover any money that you may owe us and to minimise fraud or money laundering activities.
We may use your information to contact you for your views on the Services, to notify you occasionally about important changes or developments to the Services or the Website, or to tell you about new products or services supplied by Ecotricity or third parties that we think may be of interest to you. If you would rather not receive future marketing e-mails from us please let us know by emailing us at firstname.lastname@example.org.
Disclosure of your information
The information you provide to us will be held on our systems and may be accessed by or transferred to any entity in our corporate group, including any entity that acquires us or that we may acquire. This may include staff working outside the UK and third parties some of whom are located outside the European Economic Area. Such third parties process information, fulfil orders and provide support services on our behalf.
We may also transfer or disclose your personal information to our service providers, professional advisers and to such other parties as we consider necessary for the administration of the Services, the Website and related business.
Countries outside the European Economic Area do not always have strong as data protection laws and so we limit when we transfer data to them. If we do transfer data we will always take steps to ensure that your information is used by third parties in accordance with this policy and that we comply with applicable legal requirements to ensure adequate protection for your information. When we collect your personal information we may process it in any other countries. When transferring personal data we do so using contractual clauses which have been approved by the European Commission as adequately protecting the rights of data subjects or through other mechanisms that adequately ensure that your data protection rights are upheld.
Sometimes the law requires us to disclose your information. We will respond to request where our compliance is required by law or, we receive a request from a public authority or law enforcement agency, there is a threat to the safety of you or any other person or we suspect you of committing fraud.
We may transfer your personal data as a part of a corporate reorganisation, business sale, or other merger activity, but in those circumstances any recipient will be obliged by law to comply with this policy.
We will only otherwise disclose any of the information you provide to us when permitted to do so by applicable law or with your consent.
Legal basis for processing personal information
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we need the personal information to perform a contract with you, where we have your consent to do so, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person (for example, if we are asked to provide your telephone number or location data to the emergency services in an emergency situation).
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
If you use the Services our legal grounds for processing your personal information are summarised below:
|Legal basis for processing||Purposes of processing|
|Contract||Providing you with electricity and/or gas|
|Administering FIT payments|
|Set up and otherwise administer your account(s) for Services and products which we provide to you, this may include linking different Services which you receive from us|
|Contact you in connection with the Services and your account (including through the use of electronic communication, e-mail, SMS or telephone)|
|Legitimate interests||Marketing of our products and services – you have the right to object.|
|Credit Checking and assistance with credit applications that may be made by you or other members of your household you are connected to financially|
|Informing credit reference agencies about unpaid charges and debt, which information will be recorded and may impact your ability to obtain credit in the future|
|Assist with statistical analysis to assess and improve our Services and systems|
|Record calls made to our helpdesks and contact centres for staff training and improvements to our processes and services|
|Verify your identity when you make enquiries by phone, email or letter|
|Legal obligation||Complying with energy supply and distribution laws|
|Responding to requests by law enforcement authorities for access to your personal information|
|Protecting our businesses and other customers from fraudulent activities|
|Tracing and recovering debts and assessing claimsThe detection and prevention of theft, fraud, money laundering|
|Recording calls made to our helpdesks and contact centres for legal and regulatory requirements and security purposes|
|Vital interests||Protecting your vital interests or those of another person|
|Maintaining the priority services register|
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact our Data Protection Officer at email@example.com.
We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. Protection of the registration details and any debit or credit card information you give to us is a major priority. We have implemented a security policy that guards against unauthorised access. Data on our secure pages is encrypted using SSL technology.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential.
All your private data will be encrypted at all times whilst in transit over the Internet. SSL is special software that automatically encrypts any data sent by you on our secure pages. Our server then reads the data using a private key. This means that your data, be it debit or credit card information or any other personal details, is turned into code that can only be decoded with the private key or password. All pages on the site that require you to enter personal or sensitive information are secure. Your browser will indicate that the page is secure by displaying a padlock or key in the status bar at the bottom of the window. If your browser is suitably configured, you will receive a warning message when you first access any secure page on the site. This is simply information to advise you that the site is protecting your data.
Unfortunately, the transmission of information via the internet is not completely secure. Although Ecotricity will do its best to protect your personal data, it cannot guarantee the security of any personal data that you disclose online. You accept the inherent security implications of using the Internet and we will not be responsible for any breach of security unless we have been be in breach of applicable laws and then only to the limits set out in the terms and conditions for the Website.
We will retain your information for as long as you continue to use the Services and for a period of 6 years (or as long as the law requires) after your account has closed. We may decide it is necessary to retain your information for the purpose of resolving disputes or payment issues, or because it is still useful to us to analyse your use of the Services.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Access to information
You are entitled to access, correct or update of your personal information, you can do so at any time by contacting us using the contact details provided under the “Contact” heading below.
In addition, in certain circumstances you can object to processing of your personal information, request deletion of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “Contact” heading below.
You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “Contact” heading below.
Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You have the right to complain about our collection and use of your personal information. In the first instance you should contact our Data Protection Officer by emailing firstname.lastname@example.org.
In the event that you are unhappy with the Data Protection Officer’s response you may raise your concerns with the Information Commissioners Office.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
All comments, queries and requests relating to our use of your information are welcomed, using the following details:
The Data Protection Officer Ecotricity The Renewable Energy Company Limited Lion House Rowcroft Stroud GL5 3BY