Our Privacy Policy

Last updated: 25 August 2020

Find what you’re looking for

Contents page

             Introduction: protecting your data

1.0       The data we collect and how we do this

2.0       How we use your personal data

             2.1     Reasons

             2.2      Green Deal

             2.3      Marketing

 3.0       How we use smart meter data

             3.1      Here’s how we use energy consumption data, given to us by your smart meter

             3.2      How often your smart meter sends us readings

 4.0       How we use your sensitive personal data

             4.1      How we look after you and others in your home

             4.2      Criminal offences data

 5.0        The data we get from third-party sources

 6.0        The legal bases for data processing

 7.0        Automated decision making

             7.1      To decide your Home Services cover renewal price

             7.2      To make credit decisions

             7.3      For the Warm Home Discount

             7.4      How to appeal

 8.0       Who we share your personal data with

 9.0       How your personal data is sent outside of the European Economic Area

             9.1      The ways we protect your data when we send it

 10.0     How long we keep your personal data

 11.0     Protecting your personal data

 12.0     How we might change this privacy policy

 13.0     The choices and rights you have, when it comes to your personal data

              13.1    Exemptions

              13.2   Response

 14.0      Getting in touch with us

              14.1    Our contact details

              14.2    Data Protection Officer (DPO)

              14.3    Information Commissioner’s Office (ICO) 

Your data is in safe hands

Our customers are at the centre of everything we do. So, as well as giving you excellent value and the best service around, we’re committed to protecting your privacy.

This privacy policy is here to help you understand what data we collect, why we collect it, and what we do with it. Please read carefully, because it tells you some important stuff – about how we handle your personal data, and the steps you can take to look after it. 

This privacy policy applies to the following brands: OVO Energy, SSE Energy Services, and Boost. SSE’s GB domestic retail business is now part of the OVO family too. This includes SSE’s domestic energy plans, as well as phone and broadband offers, and home services (that’s boiler and heating cover). Our associated brands of SSE Energy Services, Southern Electric, Scottish Hydro, SWALEC, and Atlantic are trading names within the OVO family. 

The boring bit:

The responsible data controllers are: OVO Electricity Limited (No. 06858121); OVO Energy Ltd No (06890795); OVO (S) Gas Limited (No. 02716495); OVO (S) Home Services Limited (No. SC292102); OVO Gas Ltd (No. 06752915); OVO (S) Metering Limited (No. SC318950); OVO (S) Retail Telecoms Limited (No. 10086511); OVO (S) Energy Solutions Limited (No. SC386054); OVO (S) Energy Services Limited (No. 11046212); OVO Energy France SAS (No.497 933 408); OVO Energy (Netherlands) B.V.

(No. 74401882); OVO Energy (Italy) S.r.l. (No. M-2547933); OVO Energy Spain S.L.L. (No.B67365239); and OVO Energy Germany GmbH (No. HRB 214840 B). When we refer to “we”, “us”, and “our”, we mean any one or more of those data controllers, as appropriate. By “you” or “your” we mean any individual, sole trader and/ or partnership that gets products or services from us, uses our website, or interacts with us in another way. This privacy policy supplements, or may be supplemented by, other privacy policies we might give you – but it doesn’t replace them. 

If you have any questions, comments, or concerns about this policy, we’d love to hear them. Get in touch anytime: our contact details are in section 14.

Thanks for reading! We hope this policy helps.

1.0 The data we collect and how we do this

We (or third parties who act on our behalf) collect your personal data when you use our website, talk to us over the phone, by letter, by email, on social media, or in person, receive our products and/or services, or ask to join schemes which you’re eligible for.

We might collect the following data:

Types of data we might collect from youWhat this data covers
Your contact details and the contact details of people associated with your account. Remember: if you give us someone else’s personal data, make sure you always have their permission.Full name
Email address
Billing address
Property address
Phone number – we automatically collect the number you use when you get in touch with us. If we don’t already have this information, we might add it to your account, once we’ve taken steps to make sure it’s definitely yours.
Any other relevant info we need in order to know that it’s you and be able to contact you directly Details of a secondary contact, such as nominees or attorneys (for example, their name and number)
Your account data and the account data of other people associated with your account. Remember: if you give us someone else’s personal data, make sure you always have their permission.Unique account number
Date of birth
Title
National Insurance number
Whether you’re a homeowner or renting
Survey responses
Energy Performance Certificate (EPC) data
Photos of your meter
Information about any other accounts you have for gas, electricity, broadband or telephone, including the name of the supplier and payment methods
Conversations we have with you, including phone calls and emails, which might be monitored or recorded
Household details and property type
Complaints and/or incident details
Appointment details
Notes added to your account
Financial dataBank account details
Your credit history
Details of state benefits you receive
Technical dataInternet protocol (IP) address, used to connect your computer to the internet
Login data (like your username and password)
Your browser, and which version of the browser you’ve got, plus which devices you use to access our websites
Your time zone setting
Operating system and platform
Your behaviour on our website or app (for example, the pages that you click on, page response times, download errors, length of visits to pages, and how you interact with pages)
Your rough location when you connect to our websites (this will just be the city or county you’re using your device in)
We track technical data by using cookies
If you have an electric car we may collect the following data to provide you with services: car make, model, battery capacity & efficiency, kWh used by the charger from the grid and from the home (local power generation) kWh and minutes boosted.
Optimisation dataFor some products and services, such as Energy Spotlights and our Carbon Tracker, we might ask you to give us extra data about your home and lifestyle, to make sure you get the most out of whatever you’re using. This includes data like:

Number of people and rooms in your home
What type of heating system you have
What and how much you recycle
Which transport you use
Marketing and communications dataYour preferences in receiving marketing from us and third parties
Your communication preferences
Energy supply dataThe date we start supplying your energy
Technical meter details
Meter Point Administration Number (MPAN) for electricity customers
Meter Point Reference Number (MPRN) for gas providers
Your plan
Energy usage (like meter readings, and units of gas and electricity used over a period of time)

If you’ve got a smart meter:
Your energy consumption data (go to section 3 for more details)
Sensitive types of dataData about your needs and the needs of other people in your household. This helps us understand if you have any special requirements. For example, this data might cover age, disabilities, health and/or any financial vulnerability. And if it applies to you, we might add you to the Priority Services Register.

If we think that someone might have committed fraud or stolen energy from us (for example, by tampering with a meter or diverting an energy supply) we’ll record this information (Go to section 4 for more details.)
Other types of dataIf you’re a broadband customer, we collect your Migration Authorisation Code, which gives us important information about your internet connection

If you’re applying for Help to Heat Group benefits, we need a mortgage statement

If you want to attend one of our sponsored events, we might need venue and dietary preferences, accessibility needs, and an emergency point of contact

If you speak to us through social media, we take your name and store a link to your social media profile, which we keep with details of your previous conversations with us

If we (or our third-party suppliers) visit your home, we might collect personal information about you or people in your household. For example, we might record information, if we think you or someone in your household could benefit from the Priority Services Register.

If you register an account for services with us, we create customer ID numbers for you and record these, as well as the date of your application

If you’re part of the OVO Group Feed-in Tariff (FIT) Scheme or Smart Export Guarantee (“SEG”) Scheme, we’ll gather the following: regular generation/export meter readings; generation/export meter details; data needed for identification and address checks; details of company affiliations; details of nominated people; contract details; micro generation certification scheme information; and (where necessary) EPC information for the property.

All aggregated data is anonymised, so it never reveals your identity.

2.0 How we use your personal data

Here’s some more info about how we actually use your data.

2.1 Reasons

We might use your data for the following reasons (‘we’ includes our agents, and third parties too – but only in certain areas):

Our reason for using your dataMore details on what we need this for
To serve your accountTo identify you

To give you relevant products and/or services, benefits, and rewards

To give you information about the amount of each service you’ve used, and which charges will apply. For example, how much electricity or gas you’ve used and what this will cost.

For replying to any questions or issues you have

To talk to you about your account, whether that’s via post, email, your online account, SMS, live chat, other kinds of electronic communication (including messages sent through a smart meter), or by visiting you (to take a meter reading, for example)

To predict the amount of energy you’re likely to use in any period of time

For deciding which products and/or services, and which terms and conditions, we can offer you. For example, if you ask for a certain plan, we’ll check to see if it works for you.

We’ll use data collected from your smart meter to work out your bills, to identify you, and to prevent fraud or energy theft. If you’ve got a smart meter, you’ll find more details about how we use your information in our terms and conditions, as well as in our Smart Meter Data Charter.

When you switch to us from your last energy supplier, or when you switch away from us to a new one

To spot and prevent crime, fraud, or loss

So you can use interactive online features

As part of arranging and carrying out visits to your property (such as for reading meters)

To give you incentives or run a loyalty scheme
To help us improveFor training our team and improving our products and services, which might mean we monitor and record conversations we have with you (like phone calls, emails, SMSs, and live chats)

When using data analytics to understand and improve the way we do things as a business

To carry out market research, and to get in touch with you about this (for example, when doing customer satisfaction surveys and questionnaires)

To create internal reports or profiles, while analysing information for forecasting and marketing purposes

When we’re conducting trials of technology and infrastructure, to help develop and improve products and services
To keep in contactFor us (or authorised third parties) to get in touch with you, about our services and/or products – such as to send you info when you sign up or change plans, service announcements, and administrative messages

To contact you (by letter, phone call, SMS, or email) with details of products and services that we or members of OVO Group offer, which are similar to those that you have already, or to give you info about services or products you’ve opted in to getting from us

To see if you’d like any help when you start but don’t finish our sign-up journey, or when you’ve asked for a quote from us
To support our businessTo ensure the health and safety of you, our team, and contractors

When using Feed-in Tariff (FIT) data to register an installation on the FIT scheme through the Central FIT Register, when acting as administrators and facilitating payments through this scheme, and when acting as a mandatory licensed supplier for the SEG (Smart Export Guarantee) scheme

To comply with any procedures, laws, and regulations that apply to us – including where we think it’s in our best interests to comply (or in the interests of others)

To allow for internal corporate reporting, business administration, adequate insurance coverage, the security of company facilities, research and development, and to find business efficiencies and put these into practice

To establish, exercise, or defend our legal rights – including where we think it’s in our best interests (or in the interests of others)

When your letting agent has given us personal information about you, we might need to share this with your local council and water authority – so they can get in touch with you about any tax or charges

To help with system maintenance, testing, and training

To run credit checks and check your credit score, which might affect the services we offer you

To carry out or help with fraud prevention, identity or money laundering verification, and legal enforcement when needed

To go after any money owed to us, and manage our debt collection and recovery activities

To administer and protect our business, and to manage and protect our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data)



2.2 Green Deal

If you’re an SSE Green Deal customer, you’ll find out more about how we use your data in our Green Deal Privacy Charter.

2.3 Marketing

Unless you’ve opted out, we might get in touch with you about our products, services, events, and rewards. This could be by email, letter, phone call, or SMS. We might also contact you with info about other companies in OVO Group – and, sometimes, about our carefully chosen partners too. We identify them when we collect your data. When we need your consent to get in touch with you, we’ll always make sure we have this.

Unless you’ve opted out, we might also use your personal data to show you digital advertisements via your social media feed, on search engine results pages, or on   other websites.

And finally, unless you’ve opted out, we might use your data to give you marketing and offers that are tailored to you. If you do opt out of this, we’ll still analyse your data, but we won’t use this analysis to market anything to you. We could send you generic marketing, which might not be relevant to you.

You can say no to us using your data for direct marketing reasons, or you can opt out of getting marketing messages. Just get in touch – anytime. Our contact details are in section 14.

Sometimes, we’ll remind you that you can update your preferences for how you’d like us to send marketing info. Or, if you haven’t told us what your preferences are, we might get in touch to find out.

3.0 How we use smart meter data

3.1 Here’s how we use energy consumption data, given to us by your smart meter

We’ll use your energy consumption data that we get remotely from your smart meter for all the following reasons:

  • To calculate your energy use

  • To create bills based on real readings

  • For industry reasons, and to predict the demand for energy

  • To give you information and feedback about your energy use, as well as how you could manage your energy use better and save money

  • To track trends in energy use, analyse your energy data, and to compare it over time with other customers’ energy use. This is so we can create tailored products and services for you.

  • To spot faults when they happen and fix these faster, as well as any other issues with your meter

  • To give you interactive tools to analyse your energy use through your online account, or through communications we might send you (like when we send you energy-saving advice)

  • To give you tailored advice on how to lower the amount of energy you use, based on your energy use specifically

  • To carry out internal reporting, modelling, and analysis so we can understand our customers better

3.2 How often your smart meter sends us readings

You can choose how often your smart meter sends us readings, before you get your smart meter installed. If you switch to us from another energy supplier, we might get in touch with you to chat about your preferences for smart meter data collection.

You don’t have to give us readings frequently, if you don’t want to. But, if that’s the case, we might not be able to give you some of our products and services. Or, at the very least, your use of some products and services could be limited.\   Your options are:

  • Half hourly – you smart meter will record info every 30 minutes and send this to us once a day
  • Daily – your smart meter will send us a reading once a day
  • Monthly – your smart meter will send us a reading once a month. Please note, this is the lowest level of data we’re allowed to take for billing and regulatory reasons. If you choose this option, we’ll also take ad hoc daily meter reads – as and when we need to, so we can make sure we’re serving you properly (for example, to keep billing you accurately, or if we need to use the data to answer a question, or if we think your smart meter isn’t working properly).

We might also get smart meter readings when:

  • Your prices change
  • You move to another one of our energy plans
  • You move home
  • You ask us to do so
  • You switch to another supplier

You can always change how often we collect energy data from your smart meter. If you do, this will take up to 5 days to carry out, from the date that you contact us.

4.0 How we use your sensitive personal data

We treat some of the data we collect about you as extra sensitive. This could be about your needs, or details of criminal offences (see section 1). We’ll only use this data in the following ways:

4.1 How we look after you and others in your home

We collect data about you and other people in your household, to make sure we’re aware of any needs you might have. This could be data on age, health, or disability, for example. With your permission, we could use this helpful data to:

  1. Look after you and others in your household. For example, to make sure we don’t turn off your power. And so we can respond in the right way, if there’s an emergency situation.
  2. Give you products and/or services in a way that suits you, like if you need large print or braille
  3. Assist staff and third-party contractors
  4. Make sure you have the best experience when you come to an OVO event – let’s say, if we need to make sure the space is easily accessible for you

With your permission, we might share this data with the following people or\ organisations:

  1. The electricity distributor (who will also give us this data) via the Priority Services Register

  2. The relevant gas transporter (who will also give us this data), engineers, or the network operator via the Priority Services Register

  3. When using an outsourced service company that manages a wide range of energy industry data, for us

  4. Social services, charities, health care services, and other support organisations

  5. And/or other relevant organisations – such as emergency responders or local authorities, which might be able to give you support

4.2. Criminal offences data

We use details of any criminal offences you’ve been accused of, together with information about whether the gas or electricity supply to your property has been tampered with or stolen in the past (or if we think it has), for the following reasons:

  1. To make decisions about which products and services we can offer you, as well as the relevant terms and conditions

  2. To make decisions about whether to disconnect your energy supply

  3. To spot and prevent fraud or crime, with the help of any third parties when needed

5.0. The data we get from third-party sources

We also get your personal data from the following third-party sources:

Types of third-party sourcesThe kind of data we get from these
Other energy suppliersMeter readings
Payments from your existing energy supplier, when you ask to switch to us
We might also get details of suspected fraud or energy theft, so we can spot and prevent fraud or crime
National databases (ECOES, Xoserve, and PAF)We might get details like your MPAN and other information about your energy supply, to help if you’re going through the process of switching suppliers. And to access this info, we might use a third party.
Debt of collection agenciesInformation about payments you’ve made or payment plans you’ve agreed to

Information about your personal circumstances, such as your ability to pay – as well as any additional needs you have
Credit reference or fraud prevention agenciesYou can find more info about this kind of data in sections 7 and 8
Third-party data providersWe collect aggregated data about your location geo-demographic and lifestyle, and analyse this along with your account information – so we can gather insights. These customer insights then help us to do lots of things. Like plan our marketing activities, target our marketing communications, and conduct market research and business development.

If you’ve entered our debt collections process, we collect contact details to help us get in touch with you

Debt consolidation providers give us information on your debt profile, to help us create payment plans if you’re struggling financially

If we’re doing something that may impact the service you receive, we may ask tracing agents or other third parties to collect your contact details to help us communicate with you
Councils, local authorities, or housing associationsWe might get your name, address, and contact details from councils, local authorities, or housing associations. This could be when these organisations want to apply for carbon-cutting measures for your property, as part of government-funded schemes.
Letting agents, landlords, cohabitants, previous tenants, or other third partiesWe might get your name, address, and contact details if you’ve recently moved into, or taken over, a property that we supply. Or if a third party (like your landlord) introduces you to OVO Group, so we can set up your account.
OfgemAs a regulated company, we might get your personal data from our regulator, Ofgem, in order to meet our regulatory obligations
Law enforcement agencies (such as the police)We might get data about meter tampering, the bypassing of meters, or the illegal use of energy – so we can spot and prevent fraud or crime
OVO Group companiesWe might get your account data, technical data, optimisation and energy supply data for administrative reasons – like to make sure our customers are getting a consistent service from us, and to make our business more efficient

OVO Group includes any of the companies listed at the top of this document. Plus, our related businesses in the wider OVO Group such as CORGI, Kaluza, Field Force, Kantan, and The Renewable Exchange, as well as other subsidiaries of OVO Group Limited from time to time.
Third parties who introduce you to us (such as price comparison websites)So we can set up an account for you, and to give you the services you’ve asked for
Department for Work and PensionsWe might get the following details, to check if you can get the Warm Home Discount scheme: your contact details, account data, financial details, and details of your energy supply
Department for Business, Energy and Industrial Strategy (BEIS)We might give them your contact details, account data, and energy supply data. This could be if they ask for information about Feed-in Tariff (FIT) installations, for example.


6.0 Legal bases for data processing

We’ve checked the legal bases for us to use your personal data, and they’re as follows:

For your contractWe use your data mainly to give you the products and services that you’ve asked for (for example, energy products)
Our legal obligationsOur use of your personal data is necessary, so we can comply with our legal obligations
Our legitimate interestsIt might be in our interests to collect and use your personal data, as we need this info to give you the services you want more effectively. When deciding whether it’s in our interests to use your data, we also consider your interests as a citizen and your rights under data- protection laws

It’s in our interests to:
1. Run, grow, and develop our business
2. Spot and prevent fraud Improve the security of our network and information systems
3. Make sure our own processes, procedures, and systems are as good as they can be
4. Recover debts that are owed to us
5. Get a better understanding of how people use our website and other channels where people engage with us
6. Analyse and enhance the information that we collect
7. Work out how effective our promotional campaigns and advertising campaigns are
8. Enhance, modify, personalise, or otherwise improve our services and communications for the benefit of our customers If you have concerns about the processing activities based on our interests, please take a look at section 13.
Your consentSometimes, we need your consent if we do want to use your personal data. For example, to send you marketing communications about OVO Group products in certain circumstances.

If you give us your consent but later you change your mind, you can withdraw it anytime, by letting us know. Just get in touch, using the details in section 14 – and we’ll stop using your data for that purpose.
Vital interestOn very rare occasions, we might use or share data about you to protect either you or someone else.
Substantial public interestWe might use data in order to pursue something that’s of key interest to what’s called the ‘substantial public interest’. This would always be in accordance with the Data Protection Act 2018. These interests cover things like the safeguarding of people at risk, and safeguarding the economic wellbeing of certain people.

7.0 Automated decision making

Your personal data helps us make decisions that are automated (which means they’re carried out by our computer systems, automatically). And we use your data to do this in the following ways:

7.1 To decide your SSE Home Services cover renewal price

We use an automated calculation to let us make a fair and responsible decision on what pricing we can offer you, based on the cost of maintaining your boiler. We’ll\ consider:

  • Your boiler make and model
  • The length of time you’ve had cover
  • Your geographical location
  • Your claims history
  • Whether non-standard system parts are needed (including thermal store and unvented cylinders)

If we think your boiler is non-standard and/or you’ve made a claim against your product, and/or you live in a place where it costs more for us to serve you, your individual renewal price might go up.

7.2 To make credit decisions

We use automated credit-scoring assessments to check how suitable it is for you to take any product or service on a credit basis, and to manage any debt related to\ your account.\ To do this, we might look at:

  • Data that’s included when you apply for a new product or service
  • Data we already have about you, your account, or your property – such as payment history for existing products and services. This includes data from accounts where you’re named jointly, with one or more other account holders.
  • Information from one or more credit reference agency
  • And/or, where it’s appropriate, data from fraud prevention agencies

If we decide that offering unsecured credit is not appropriate, we might need energy customers to pay a security deposit – or to pay using a prepayment meter, or a smart meter in prepayment mode. We might ask you for payment security at any time, if we decide that unsecured credit is no longer right for you. For non-energy products such as telephone or broadband, when we decide that credit isn’t right for you, we might choose not to continue with your application. We’ll write to let you know about this. If your account is in debt or if we think that it will fall into debt in the future, we might look at your risk of debt, and tailor our debt recovery processes to you and your level of risk.

7.3. For the Warm Home Discount

For both online applications and paper applications, we use an automated process to check people are eligible for Warm Home Discount rebates. This means our computer system will check the benefits you’ve ticked on your application, to see whether you meet the criteria needed to get the rebate. The criteria are described in the online journey and on the paper application form.

7.4 How to appeal

You can appeal against any automated decision, get an explanation of the decision, or ask for a person to review it. Just get in touch with us. You’ll find our details in section 14.

8.0 Who we share your personal data with

We’ll share your personal data with the following types of third parties:

Type of third partyMore details on this
Our third-party suppliers, partners, and subcontractorsThey offer, review, and/or receive services that are to do with our website, services, and/or products.

They include:
Payment processors
Suppliers of technical, support, and installation services
Insurers
Logistics providers
Call centre service providers
Security providers
Cloud services providers
Research agencies
Market research agencies
Green Deal providers

And (if you can claim government funding for energy efficiency measures) installers, energy performance assessors, and sales advisers
Any company that’s a member of OVO GroupOVO Group includes any of the companies listed at the top of this document. Plus, our businesses in the wider OVO Group such as CORGI, Kaluza, Field Force, Kantan, and The Renewable Exchange, as well as other subsidiaries of OVO Group Limited from time to time.
Family members or cohabitants, previous tenants, landlords, letting agents, or other third partiesWhere appropriate, people who could need data about you or your property – or who introduced you to us.
Government or law enforcement officialsIf we have good reason to think we’ve got a duty to do it, we’ll give out your data to meet any legal obligation – where your data might be needed to meet national security or law enforcement needs, or to stop illegal activity.
Other energy suppliersIf you choose to leave us, we’ll share your data with your new supplier to help make the switching process smoother. This includes your energy use and any debts on your account. We might also share your personal data with another energy supplier when they carry out services for us – like if they do meter readings at your property on our behalf.
Regulators or other legally-appointed bodiesThis includes but isn’t limited to Ofgem, the Information Commissioner’s Office, or the Financial Conduct Authority. We share your data for legal or regulatory reasons – for example, we might send your data to Ofgem to prove that you qualify for a government-funded scheme, if we’re asked to do so.
VodafoneIf you’re a phone and/or broadband customer, we’ll share your data with Vodafone – our current phone line and broadband supplier. Vodafone is responsible for the personal data that’s collected when you use these services, as well as how it’s used. Vodafone will also handle your personal data while giving you phone and broadband services. This is all set out in Vodafone’s Privacy Policy.
Price comparison sitesThese sites might take your details when you ask for a quote, or when you switch to us via a price comparison site.
Third parties that help us with advertising and marketingHere’s one example of how this works. We share some personal data with these third parties, who advertise on their platforms for us: Amazon, Viant, Facebook, and Google AdWords.
Relevant gas transporters, engineers, or network operatorsWe’ll share data with other utility service providers who might be supplying your property – like your distribution network operator.
Support servicesWhere it will help you, we’ll share data with your local authority, water company, social services, charities, healthcare services, and other support organisations. We might also share it with housing associations that are relevant to your property and/or your use of our services.
Debt collection and tracing agentsThis might happen if you don’t pay us for the services we give you. We might also sell the right to recover any debts you owe us to a third party, which is part of our general terms and conditions for supplying electricity and/or gas. As well as this, we could pass personal data to possible buyers of this debt, so they can evaluate it before the sale’s complete.

If we’re doing something that could impact the service you receive, we may share your personal data with a tracing agent to locate your contact details so we can communicate with you
Authorised third parties or named account holdersThis can be on any account you have with us.
Anyone who buys our business, any other business we buy or merge with, and/or a new data controllerIf we sell or merge any of our businesses or assets, or if we do any internal reorganisations, your personal data might be one of the assets that goes to the buyer and/or new data controller.
Insurance underwriter / alternative dispute resolution providerIf you’re a SSE Home Services customer, we might share your data with an insurance underwriter, who underwrites our insurance products. We could also share your data with a dispute resolution provider, if you’ve got a complaint about your non-insurance product that we can’t settle.
A third party, such as the police or legal representativesWe could need to share your data with these third parties as part of enforcing our terms and conditions, or any other agreement. This might also happen when we’re replying to any claims, or protecting the following: our rights, or the rights of a third party, or the safety of any person. We might also do this to stop any illegal activity.
Credit reference agenciesWhen you enter into a contract with us for your energy supply, we’ll give information about you to credit reference agencies, and gather this from them too. When credit reference agencies get a request from us, they’ll place a search footprint on your credit file. This might be seen by other lenders. They give us public data (including info from the electoral register), as well as data on shared credit, your financial situation, information on your financial history, and on fraud prevention.

We might also make checks, like assessing your application for credit and verifying identities – so we can spot and prevent crime. We’ll also keep sharing information about you with credit reference agencies on an ongoing basis. This includes things like your settled accounts and any debts you haven’t fully repaid on time.

Occasionally, we might also do searches via credit reference agencies and fraud prevention agencies to manage your account with us. Who these credit reference agencies are, and the ways in which they use and share personal information, is all explained in more detail at experian.co.uk
Professional advisersThese advisers could be lawyers, bankers, auditors, and insurers who offer consultancy, banking, legal, insurance and accounting services.
Letting agents (where applicable)To carry out any ancillary services that you’ve asked for – an example would be for help with council tax and getting water set up at a new address.
Fraud prevention agencies(i) To help us spot fraud and energy theft, we’ll give details of your account to fraud prevention agencies, who’ll use the information to check public databases and other ones they hold. They might also give us information to help tackle fraud and energy theft. Checks will be carried out on a regular basis, while you hold an account with us.

(ii) If we think or are certain that energy has been stolen, a record will be kept by fraud prevention agencies. This might include sensitive data about alleged criminal offences. The fraud prevention agencies might give the information to other energy companies to help uncover fraud and energy theft, but only in occasional circumstances where you have accounts with them.

Where theft has been found, your account terms could change, but we’ll let you know if this is the case.
Owners and/ or operators of smart meters (or similar), smart meter contractors, and the Data and Communications Company (DCC)This is for your smart meter, so that we can connect to it and get readings from it.
Department for Business, Energy and Industrial Strategy (BEIS) / Central FIT RegisterFor FIT and SEG customers, we’ll share information with the Department for Business, Energy and Industrial Strategy (BEIS) and the Central FIT Register when asked to.



9.0  How your personal data is sent outside of the European Economic Area

We (or a third party who we share personal data with) might host, store, and handle that personal data outside of the European Economic Area (EEA). Some of our customer service work is done outside the EEA, to make sure we operate as easily as possible. This means that we’ll send your personal data to suppliers based outside the EEA.

9.1 The ways we protect your data when we send it

When we send data outside of the EEA, we make sure that all the right safeguards have been put in place to protect your personal data.

This means that we’ll:

  • Make sure the country where your personal data will be handled has been deemed “adequate” by the European Commission, under Article 45 of the General Data Protection Regulation (GDPR).

  • Include standard data protection clauses (approved by the European Commission for transferring personal data outside the EEA) in our contracts with those third parties – these are the clauses approved under Article 46.2 of the GDPR.

10.0 How long we keep your personal data

We keep your personal data for no longer than is necessary. This means that when we don’t need it any more we delete it. The length of time we keep it all depends on why we’re using it and/or what we need to do to comply with applicable laws and to establish, exercise, or defend our legal rights.

In some circumstances, we might anonymise your personal data (so that it can no longer be associated with you) and use this indefinitely, without further notice.

11.0 Protecting your personal data

We follow strict security procedures to protect your personal data. This includes following certain guidelines (for example, checking your identity when you\ phone us).

Whilst we take appropriate technical and organisational measures and have in place physical and electronic procedures necessary to safeguard the personal data that you provide to us, no transmission to or from us by post, email, phone, SMS or over the internet can ever be guaranteed as entirely secure. Communications over the web are not secure and as such, we cannot accept any liability or responsibility for any unauthorised access or loss of personal data.

We also have procedures in place to deal with any suspected data security breach. We’ll notify you and any applicable regulator of a suspected data security breach where we’re legally required to do so.

12.0 How we might change this privacy policy

We could change this privacy policy from time to time. If we do make changes, we’ll let you know by revising the date at the top of this policy. And if they’re major changes, then we might also let you know by getting in touch with you.

13.0 The choices and rights you have, when it comes to your personal data

Our contact details are in section 14, and you can always get in touch to ask that we:

  • Let you know if your personal data is being processed

  • Give you further details about how we process your personal data

  • Give you a copy of any personal data we hold about you

  • Withdraw your consent for a way that we’re using your data (where we need your consent legally to use your personal information)

  • Consider any valid objection you have to us processing your personal data (including the right to object to processing where we’re relying on our interests as a legal basis for processing)

  • Update or delete personal data that we have about you

  • Restrict the way that we process your personal data

  • Consider any valid request to transfer your personal data (that relates to an energy account) to a third-party provider of services (this is called data portability)

  • Where we carry out automated decision making that has legal or significant effects on you, make sure we get a person to review that decision, give you an explanation of the decision, and/or consider your appeal of the decision

13.1 Exemptions

However, certain personal data may be exempt from the requests above, in certain circumstances. We could need to keep processing your personal data because of our interests, or to meet a legal obligation.

13.2  Response

If an exemption applies, we’ll tell you when we reply to your request. We might ask you to give us some data to confirm your identity before we reply.

14.0 Getting in touch with us

14.1 Our contact details

If you’ve got any questions about data protection, or you’re not happy with how we’ve handled your data, please get in touch:




When you send us your query, let us know it’s a ‘rights request’ as part of your message. This will help make sure it goes to the right place. Please include your name, account number, address, and if there’s any data you’re especially interested in – if you can. This will make it easier for us to respond to you properly.

CompanyType of question you have
SSEFor access to your data:
[email protected]
The Subject Access Requests Team OVO Grampian House 200 Dunkeld Road PERTH PH1 3GH

To delete your data:
[email protected]
The Right to Erasure Team Unit 4 Penner Road Havant PO9 1QH

All other requests:
[email protected]
OVO[email protected]




You can email our Data Protection Officer (DPO): [email protected] And you can write to them too:  OVO Energy, 1 Rivergate, Temple Quay, Bristol, BS1 6ED

14.3 Information Commissioner’s Office (ICO)

If you’re not happy with our reply to any complaint or you think our processing of your data doesn’t comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO). Just use these details:

  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Telephone number: 0303 123 1113
  • Website: ico.org.uk

Related information:

Read our cookies policy