Last updated: 18 March 2021
This policy (together with our terms and conditions for supply and any other document referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed, shared and used by us, and how you can exercise your privacy rights. Please read the following carefully to understand how we look after your personal data.
This policy applies to personal information collected by Ecotricity Group Limited (registered no.03521776) and its subsidiary Ecotricity Limited, a company incorporated in England & Wales (registered no. 03043412) and whose registered office is at Lion House House, Rowcroft, Stroud, Gloucestershire, GL5 3BY. In these terms and conditions “Ecotricity”, “we”, “our” or “us” means Ecotricity Limited, and “you” or “your” means you, our customer.
Ecotricity Group Limited is registered with the ICO with registration number ZA021407 and Ecotricity Limited is registered with the ICO registration number Z5614614.
What does Ecotricity do?
Ecotricity is a renewable energy company supplying electricity and gas to commercial and domestic customers (the “Services”)
For more information about Ecotricity, please see the Our story section of our website.
How we collect your information and why
Personal Data means any information about an individual from which that person can be identified. It does not include data which has been anonymised.
We may collect, use, store and transfer different kinds of personal data about you, as follows:
|Type of data||Data required|
|Identity Data||First name|
|Username or similar identifier|
|Date of birth|
|Contact data||Billing address|
|Financial data||Bank account and payment card details|
|Data relating to your eligibility for credit|
|Transaction data||Details about payments to and from you|
|Other details of products and services you have purchased from us|
|Technical data||Your internet protocol (IP) address|
|Your login data, browser type and version|
|Time zone setting and location|
|Browser plug-in types and versions|
|Operating system and platform|
|Profile data||Your username and password|
|Purchases or orders made by you|
|Your interests, preferences, feedback and survey responses|
|Information about how you use our website, products and services (including our energy)|
|Marketing and communications data||Your preferences in receiving marketing from us and our third parties|
|Your communication preferences|
|Special category data||Details about your health (see below)|
The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
Information that you provide directly
We collect your Identity, Contact, Financial and Transaction Data when you contact us to enquire about our Services, register with us to receive the Services, use the Services, use our website under the domain name www.ecotricity.co.uk (the “Website”) or request information or assistance from us.
You may be required to provide us with Usage Data directly, in the form of meter readings.
Information that we obtain from third party sources
We may collect your personal information, particularly Financial Data, from third party sources, but only where we have checked that these third parties either have your consent, are otherwise legally permitted or required to disclose your personal information to us.
We may also collect information about you, including Identity and Contact Data, that is publicly available, for example, from business directories.
Information that we collect automatically
When you use the "Services" we may collect Profile and Usage Data automatically, including data about the amount of electricity/gas you use, meter readings, peak demand and usage profile from your meter(s)
When you use the Website, we collect Technical Data about your activity by using cookies and similar tracking technologies.
How to manage your cookies
We use the following Cookies
utm - these come from Google Analytics tools that record pages visited on our site. We use 7 of these, (utma, utmb, utmc, utmx, utmxx, utmz, utmx_k) that show when, where and how you access our site.
eZSESSID - generated by the software we use to publish the Website, it retains data in forms so we can make using our site easier for you
partner - we use this cookie so you can automatically take advantage of offers from partner organisations.
Voucher_code - We use this so you can automatically take advantage of offer vouchers you have selected.
Invite_code - We use this so you can automatically take advantage of invites you have selected.
Use of your information
We will only use your Personal Data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
to supply information about our Services to you;
to give you access to all parts of the Website;
to register you as a new customer;
to manage our contract and our relationship with you, including by verifying your identity, administering the Services, contacting you where necessary concerning your use of the Services and the Website, and handling any complaints or queries you may have;
to invoice you, take card payments, administer your direct debit, manage any disputes over the money you owe us, assess whether you are eligible for credit, manage your credit account, recover any money that you may owe us and to identify and prevent fraud or money laundering activities;
for our legitimate interests, including to administer, support, improve and develop our business and the Services;
to contact you for your views on the Services;
to notify you occasionally about important changes or developments to the Services or the Website;
to tell you about new products or services supplied by Ecotricity or third parties that we think may be of interest to you. If you would rather not receive marketing e-mails from us please let us know by emailing us at email@example.com.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with this policy, where this is required or permitted by law.
Disclosure of your information
Your Personal Data will be held on our systems and may be accessed by or transferred to any entity in our corporate group, including any entity that acquires us or that we may acquire. This may include staff working outside the UK and third parties, some of whom are located outside the European Economic Area. Such third parties process information, fulfil orders and provide support services on our behalf a list of third parties relevant to your account can be made available on request.
We may transfer your personal data as a part of a corporate reorganisation, business sale, or other merger activity, but in those circumstances any recipient will be obliged by law to comply with this policy.
We may also transfer or disclose your personal information to our service providers, professional advisers and to such other parties as we consider reasonably necessary for the administration of the Services, the Website and related business.
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes, and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Countries outside the UK and European Economic Area do not always have strong data protection laws which afford adequate protection to individuals’ personal data, and so we limit when we transfer data to them. When data is transferred internationally, we will always take steps to ensure it is afforded an adequate degree of protection by ensuring that at least one of the following safeguards is implemented;
- We will only transfer your Personal Data to countries that have been deemed to provide an adequate level or protection for personal data by European Commission or other national body.
- We may use specific contracts approved by the European Commission, which give Personal Data the same protection it has in the UK and Europe.
Sometimes we are required or compelled to disclose your information. We will respond to requests (in each case, limiting disclosure to the extent required) where:
- our compliance is required by law;
- we receive a request from a public authority or law enforcement agency;
- there is a threat to the safety of you or any other person; or
- we suspect you of committing a criminal offence, including fraud.
- We will only otherwise disclose any of the information you provide to us when permitted to do so by applicable law or with your consent.
Legal basis for processing personal information
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
We will normally collect personal information from you only where we need the personal information to perform a contract with you, where we have your consent to do so, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person (for example, if we are asked to provide your telephone number or location data to the emergency services in an emergency situation).
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information)
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
The legal bases on which we process your personal information are summarised below:
|Legal basis for processing||Purposes of processing|
|Contract||Providing you with electricity and/or gas|
|Administering FIT payments|
|Providing and running Customer helplines|
|Setting up and otherwise administering your account(s) for Services and products which we provide to you, this may include linking different Services which you receive from us|
|Contacting you in connection with the Services and your account (including through the use of electronic communication, e-mail, SMS or telephone)|
|Tracing you, where we are unable to make contact with you using the details we hold|
|Legitimate interests||Verifying your identity when you make enquiries by phone, email or letter|
|Marketing of our products and services to existing customers- You have the right to object|
|Contacting you in relation to a quotation in respect of the Services we provide|
|Credit checking to confirm your eligibility to receive the Services from us, and assisting with the provision of reference information in relation to credit applications that may be made by you or other members of your household you are connected to financially|
|Informing credit reference agencies about unpaid charges and debt, which information will be recorded and may impact your ability to obtain credit in the future|
|Commencing legal or recovery proceedings against you to recover unpaid charges, where this is necessary|
|Assisting with statistical analysis to assess and improve our Services and systems|
|Recording calls made to our helpdesks and contact centres for staff training and improvements to our processes and services|
|We or third parties working on our behalf may contact you for market research purposes|
|Legal obligation||Complying with energy supply and distribution laws|
|Responding to requests by law enforcement authorities for access to your personal information|
|Protecting our businesses and other customers from criminal or fraudulent activities|
|Enforcing a judgment of a court of law|
|The detection and prevention of theft, fraud, and money laundering offences|
|Recording calls made to our helpdesks and contact centres for legal and regulatory requirements and security purposes.|
|Vital interests||Protecting your vital interests or those of another person|
|Maintaining the priority services register|
|Preventing damage to your property, or to neighbouring properties|
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact our Data Protection Officer at firstname.lastname@example.org.
We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. Protection of the registration details and any debit or credit card information you give to us is a major priority. We have implemented a security policy that guards against unauthorised access. Data on our secure pages is encrypted using SSL technology.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential, and for letting us know if you think that your password has been compromised.
All your private data will be encrypted at all times whilst in transit over the Internet. SSL is special software that automatically encrypts any data sent by you on our secure pages. Our server then reads the data using a private key. This means that your data, be it debit or credit card information or any other personal details, is turned into code that can only be decoded with the private key or password. All pages on the site that require you to enter personal or sensitive information are secure. Your browser will indicate that the page is secure by displaying a padlock or key in the status bar at the bottom of the window. If your browser is suitably configured, you will receive a warning message when you first access any secure page on the site. This is simply information to advise you that the site is protecting your data.
Although Ecotricity will do its best to protect your personal data, it cannot guarantee the security of any personal data that you disclose online. You must accept the inherent security implications of using the Internet and we will not be responsible for any breach of security unless we have been be in breach of applicable laws and then only to the limits set out in the terms and conditions for the Website.
If you are a Customer, we will retain your information for as long as you continue to use the Services and for a period of 6 years (or as long as the law requires) after your account has closed. We may decide it is necessary to retain your information for longer for the purpose of resolving disputes or payment issues, or because it is still useful (in an anonymised form) to us to analyse your use of the Services.
If you have requested information about the Services we provide, for example a quotation, we will retain your information for a period of up to 6 months from the provision of the information requested, after which your personal data will be deleted, providing that there is no ongoing legitimate reason for us to retain it.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until permanent deletion is possible.
Access to information
You are entitled to access, correct or update your personal information. You can do so at any time by contacting us using the contact details provided under the “Contact” heading below.
In certain circumstances you can object to our processing of your personal information, request deletion of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “Contact” heading below.
You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “Contact” heading below.
If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on other lawful grounds.
You have the right to complain about our collection and use of your personal information. In the first instance you should contact our Data Protection Officer by emailing email@example.com
In the event that you are unhappy with the Data Protection Officer’s response you may raise your concerns with the Information Commissioner’s Office at https://ico.org.uk/concerns/
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
All comments, queries and requests relating to our use of your information are welcomed, using the following details:
The Data Protection Officer
The Renewable Energy Company Limited
Customer Services hotline
Within the UK:
0345 555 7100
Outside the UK:
+44 3455 557 100
For EEA based Nationals, please contact our European Representative. Details are as follows:
Company Name: Instant EU GDPR Representative Ltd
Company Number: 665191
Contact Name: Adam Brogden
Contact Email: firstname.lastname@example.org
Contact Tel: +353 (0) 15549700
EU Dublin Address: INSTANT EU GDPR REPRESENTATIVE LTD, 69 Esker Woods Drive, Lucan Co. Dublin, Ireland