Last updated: 25 August 2020
Introduction: protecting your data
1.0 The data we collect and how we do this
2.0 How we use your personal data
2.1 Reasons
2.2 Green Deal
2.3 Marketing
3.0 How we use smart meter data
3.1 Here’s how we use energy consumption data, given to us by your smart meter
3.2 How often your smart meter sends us readings
4.0 How we use your sensitive personal data
4.1 How we look after you and others in your home
4.2 Criminal offences data
5.0 The data we get from third-party sources
6.0 The legal bases for data processing
7.0 Automated decision making
7.1 To decide your Home Services cover renewal price
7.2 To make credit decisions
7.3 For the Warm Home Discount
7.4 How to appeal
8.0 Who we share your personal data with
9.0 How your personal data is sent outside of the European Economic Area
9.1 The ways we protect your data when we send it
10.0 How long we keep your personal data
11.0 Protecting your personal data
12.0 How we might change this privacy policy
13.0 The choices and rights you have, when it comes to your personal data
13.1 Exemptions
13.2 Response
14.0 Getting in touch with us
14.1 Our contact details
14.2 Data Protection Officer (DPO)
14.3 Information Commissioner’s Office (ICO)
Our customers are at the centre of everything we do. So, as well as giving you excellent value and the best service around, we’re committed to protecting your privacy.
This privacy policy is here to help you understand what data we collect, why we collect it, and what we do with it. Please read carefully, because it tells you some important stuff – about how we handle your personal data, and the steps you can take to look after it.
This privacy policy applies to the following brands: OVO Energy, SSE Energy Services, and Boost. SSE’s GB domestic retail business is now part of the OVO family too. This includes SSE’s domestic energy plans, as well as phone and broadband offers, and home services (that’s boiler and heating cover). Our associated brands of SSE Energy Services, Southern Electric, Scottish Hydro, SWALEC, and Atlantic are trading names within the OVO family.
The boring bit:
The responsible data controllers are: OVO Electricity Limited (No. 06858121); OVO Energy Ltd No (06890795); OVO (S) Gas Limited (No. 02716495); OVO (S) Home Services Limited (No. SC292102); OVO Gas Ltd (No. 06752915); OVO (S) Metering Limited (No. SC318950); OVO (S) Retail Telecoms Limited (No. 10086511); OVO (S) Energy Solutions Limited (No. SC386054); OVO (S) Energy Services Limited (No. 11046212); OVO Energy France SAS (No.497 933 408); OVO Energy (Netherlands) B.V.
(No. 74401882); OVO Energy (Italy) S.r.l. (No. M-2547933); OVO Energy Spain S.L.L. (No.B67365239); and OVO Energy Germany GmbH (No. HRB 214840 B). When we refer to “we”, “us”, and “our”, we mean any one or more of those data controllers, as appropriate. By “you” or “your” we mean any individual, sole trader and/ or partnership that gets products or services from us, uses our website, or interacts with us in another way. This privacy policy supplements, or may be supplemented by, other privacy policies we might give you – but it doesn’t replace them.
If you have any questions, comments, or concerns about this policy, we’d love to hear them. Get in touch anytime: our contact details are in section 14.
Thanks for reading! We hope this policy helps.
We (or third parties who act on our behalf) collect your personal data when you use our website, talk to us over the phone, by letter, by email, on social media, or in person, receive our products and/or services, or ask to join schemes which you’re eligible for.
We might collect the following data:
Types of data we |
What this data covers |
Your contact details |
|
Your account data |
|
Financial data |
|
Technical data |
|
Optimisation data |
For some products and services, such as Energy Spotlights and our Carbon Tracker, we might ask you to give us extra data about your home and lifestyle, to make sure you get the most out of whatever you’re using. This includes data like:
|
Marketing and |
|
Energy supply data |
If you’ve got a smart meter:
|
Sensitive types of data |
|
Other types of data |
|
We need this personal data so we can give you services and/or products. If you don’t give it to us, you might not be able to access certain products and/or services.
It’s really important that the data we hold about you is up to date. Please let us know whenever your personal details change.
We also look at something called ‘aggregated data’, to help make our operations better and give you the best service possible. Here’s one example of what aggregated data is and how we use it: when you visit our website or our app, sometimes we examine data that shows us how you use these platforms, to check for any flaws or problems for us to fix.
All aggregated data is anonymised, so it never reveals your identity.
Here’s some more info about how we actually use your data.
We might use your data for the following reasons (‘we’ includes our agents, and third parties too – but only in certain areas):
Our reason for |
More details on what we need this for |
To serve your account |
|
To help us improve |
|
To keep in contact |
|
To support our business |
|
If you’re an SSE Green Deal customer, you’ll find out more about how we use your data in our Green Deal Privacy Charter.
Unless you’ve opted out, we might get in touch with you about our products, services, events, and rewards. This could be by email, letter, phone call, or SMS. We might also contact you with info about other companies in OVO Group – and, sometimes, about our carefully chosen partners too. We identify them when we collect your data. When we need your consent to get in touch with you, we’ll always make sure we have this.
Unless you’ve opted out, we might also use your personal data to show you digital advertisements via your social media feed, on search engine results pages, or on other websites.
And finally, unless you’ve opted out, we might use your data to give you marketing and offers that are tailored to you. If you do opt out of this, we’ll still analyse your data, but we won’t use this analysis to market anything to you. We could send you generic marketing, which might not be relevant to you.
You can say no to us using your data for direct marketing reasons, or you can opt out of getting marketing messages. Just get in touch – anytime. Our contact
details are in section 14.
Sometimes, we’ll remind you that you can update your preferences for how you’d
like us to send marketing info. Or, if you haven’t told us what your preferences are,
we might get in touch to find out.
We’ll use your energy consumption data that we get remotely from your smart meter for all the following reasons:
You can choose how often your smart meter sends us readings, before you get your smart meter installed. If you switch to us from another energy supplier, we might get in touch with you to chat about your preferences for smart meter data collection.
You don’t have to give us readings frequently, if you don’t want to. But, if that’s the case, we might not be able to give you some of our products and services. Or, at the very least, your use of some products and services could be limited.
Your options are:
We might also get smart meter readings when:
You can always change how often we collect energy data from your smart meter. If you do, this will take up to 5 days to carry out, from the date that you contact us.
We treat some of the data we collect about you as extra sensitive. This could be about your needs, or details of criminal offences (see section 1). We’ll only use this data in the following ways:
We collect data about you and other people in your household, to make sure we’re aware of any needs you might have. This could be data on age, health, or disability, for example. With your permission, we could use this helpful data to:
1. Look after you and others in your household. For example, to make sure we don’t turn off your power. And so we can respond in the right way, if there’s an emergency situation.
2. Give you products and/or services in a way that suits you, like if you need large print or braille
3. Assist staff and third-party contractors
4. Make sure you have the best experience when you come to an OVO event – let’s say, if we need to make sure the space is easily accessible for you
With your permission, we might share this data with the following people or
organisations:
We use details of any criminal offences you’ve been accused of, together with information about whether the gas or electricity supply to your property has been tampered with or stolen in the past (or if we think it has), for the following reasons:
We also get your personal data from the following third-party sources:
Types of |
The kind of data we get from these |
Other energy suppliers |
|
National databases |
|
Debt of collection |
|
Credit reference or |
|
Third-party |
|
Councils, local |
|
Letting agents, |
|
Ofgem |
|
Law enforcement |
|
OVO Group companies |
|
Third parties who |
|
Department for |
|
Department for |
|
We’ve checked the legal bases for us to use your personal data, and they’re as follows:
For your contract |
|
Our legal obligations |
|
Our legitimate interests |
It might be in our interests to collect and use your personal data, as we
If you have concerns about the processing activities based on our interests, please take a look at section 13. |
Your consent |
Sometimes, we need your consent if we do want to use your personal data. For example, to send you marketing communications about OVO Group products in certain circumstances. If you give us your consent but later you change your mind, you can withdraw it anytime, by letting us know. Just get in touch, using the details in section 14 – and we’ll stop using your data for that purpose. |
Vital interest |
On very rare occasions, we might use or share data about you to protect either you or someone else. |
Substantial |
We might use data in order to pursue something that’s of key interest to what’s called the ‘substantial public interest’. This would always be in accordance with the Data Protection Act 2018. These interests cover things like the safeguarding of people at risk, and safeguarding the economic wellbeing of certain people. |
Your personal data helps us make decisions that are automated (which means they’re carried out by our computer systems, automatically). And we use your data to do this in the following ways:
We use an automated calculation to let us make a fair and responsible decision on what pricing we can offer you, based on the cost of maintaining your boiler. We’ll
consider:
If we think your boiler is non-standard and/or you’ve made a claim against your product, and/or you live in a place where it costs more for us to serve you, your individual renewal price might go up.
We use automated credit-scoring assessments to check how suitable it is for you to take any product or service on a credit basis, and to manage any debt related to
your account.
To do this, we might look at:
If we decide that offering unsecured credit is not appropriate, we might need energy customers to pay a security deposit – or to pay using a prepayment meter, or a smart meter in prepayment mode. We might ask you for payment security at any time, if we decide that unsecured credit is no longer right for you. For non-energy products such as telephone or broadband, when we decide that credit isn’t right for you, we might choose not to continue with your application. We’ll write to let you know about this. If your account is in debt or if we think that it will fall into debt in the future, we might look at your risk of debt, and tailor our debt recovery processes to you and your level of risk.
For both online applications and paper applications, we use an automated process to check people are eligible for Warm Home Discount rebates. This means our computer system will check the benefits you’ve ticked on your application, to see whether you meet the criteria needed to get the rebate. The criteria are described in the online journey and on the paper application form.
You can appeal against any automated decision, get an explanation of the decision, or ask for a person to review it. Just get in touch with us. You’ll find our details in section 14.
We’ll share your personal data with the following types of third parties:
Type of third party |
More details on this |
Our third-party |
They offer, review, and/or receive services that are to do with our website, services, and/or products. They include:
|
Any company that’s a |
OVO Group includes any of the companies listed at the top of this document. Plus, our businesses in the wider OVO Group such as CORGI, Kaluza, Field Force, Kantan, and The Renewable Exchange, as well as other subsidiaries of OVO Group Limited from time to time. |
Family members or |
Where appropriate, people who could need data about you or your property – or who introduced you to us. |
Government or |
If we have good reason to think we’ve got a duty to do it, we’ll give out your data to meet any legal obligation – where your data might be needed to meet national security or law enforcement needs, or to stop illegal activity. |
Other energy |
If you choose to leave us, we’ll share your data with your new supplier to help make the switching process smoother. This includes your energy use and any debts on your account. |
Regulators or other |
This includes but isn’t limited to Ofgem, the Information Commissioner’s Office, or the Financial Conduct Authority. We share your data for legal or regulatory reasons – for example, we might send your data to Ofgem to prove that you qualify for a government-funded scheme, if we’re asked to do so. |
Vodafone |
If you’re a phone and/or broadband customer, we’ll share your data with Vodafone – our current phone line and broadband supplier. |
Price comparison sites |
These sites might take your details when you ask for a quote, or when you switch to us via a price comparison site. |
Third parties that help |
Here’s one example of how this works. We share some personal data with these third parties, who advertise on their platforms for us: Amazon, Viant, Facebook, and Google AdWords. |
Relevant gas |
We’ll share data with other utility service providers who might be supplying your property – like your distribution network operator. |
Support services |
Where it will help you, we’ll share data with your local authority, water company, social services, charities, healthcare services, and other support organisations. We might also share it with housing associations that are relevant to your property and/or your use of our services. |
Debt collection and |
This might happen if you don’t pay us for the services we give you. |
Authorised third |
This can be on any account you have with us. |
Anyone who buys |
If we sell or merge any of our businesses or assets, or if we do any internal reorganisations, your personal data might be one of the assets that goes to the buyer and/or new data controller. |
Insurance underwriter |
If you’re a SSE Home Services customer, we might share your data with an insurance underwriter, who underwrites our insurance products. |
A third party, such |
We could need to share your data with these third parties as part of enforcing our terms and conditions, or any other agreement. This |
Credit reference |
When you enter into a contract with us for your energy supply, we’ll give information about you to credit reference agencies, and gather this from them too. When credit reference agencies get a request from us, they’ll place a search footprint on your credit file. This might be seen by We might also make checks, like assessing your application for credit and verifying identities – so we can spot and prevent crime. We’ll also keep sharing information about you with credit reference agencies on an ongoing basis. This includes things like your settled accounts and any debts you haven’t fully repaid on time. Occasionally, we might also do searches via credit reference agencies and fraud prevention agencies to manage your account with us. Who these credit reference agencies are, and the ways in which they use and share personal information, is all explained in more detail at experian.co.uk/crain/index.html |
Professional advisers |
These advisers could be lawyers, bankers, auditors, and insurers who offer consultancy, banking, legal, insurance and accounting services. |
Letting agents |
To carry out any ancillary services that you’ve asked for – an example would be for help with council tax and getting water set up at a new address. |
Fraud prevention |
(i) To help us spot fraud and energy theft, we’ll give details of your account to fraud prevention agencies, who’ll use the information to check public databases and other ones they hold. They might also give us information to help tackle fraud and energy theft. Checks will be carried out on a regular basis, while you hold an account with us. (ii) If we think or are certain that energy has been stolen, a record will be kept by fraud prevention agencies. This might include sensitive data about alleged criminal offences. The fraud prevention agencies might give the information to other energy companies to help uncover Where theft has been found, your account terms could change, but we’ll let you know if this is the case. |
Owners and/ |
This is for your smart meter, so that we can connect to it and get readings from it. |
Department for |
For FIT and SEG customers, we’ll share information with the Department for Business, Energy and Industrial Strategy (BEIS) and the Central FIT Register when asked to. |
Where third parties are handling data on our behalf, they won’t use your personal data for their own purposes. We only let them use it while following our strict instructions and the law.
We (or a third party who we share personal data with) might host, store, and handle that personal data outside of the European Economic Area (EEA). Some of our customer service work is done outside the EEA, to make sure we operate as easily as possible. This means that we’ll send your personal data to suppliers based outside the EEA.
When we send data outside of the EEA, we make sure that all the right safeguards have been put in place to protect your personal data.
This means that we’ll:
We keep your personal data for no longer than is necessary. This means that when we don’t need it any more we delete it. The length of time we keep it all depends on why we’re using it and/or what we need to do to comply with applicable laws and to establish, exercise, or defend our legal rights.
In some circumstances, we might anonymise your personal data (so that it can no longer be associated with you) and use this indefinitely, without further notice.
We follow strict security procedures to protect your personal data. This includes following certain guidelines (for example, checking your identity when you
phone us).
Whilst we take appropriate technical and organisational measures and have in place physical and electronic procedures necessary to safeguard the personal data that you provide to us, no transmission to or from us by post, email, phone, SMS or over the internet can ever be guaranteed as entirely secure. Communications over the web are not secure and as such, we cannot accept any liability or responsibility for any unauthorised access or loss of personal data.
We also have procedures in place to deal with any suspected data security breach. We’ll notify you and any applicable regulator of a suspected data security breach where we’re legally required to do so.
We could change this privacy policy from time to time. If we do make changes, we’ll let you know by revising the date at the top of this policy. And if they’re major changes, then we might also let you know by getting in touch with you.
Our contact details are in section 14, and you can always get in touch to ask that we:
However, certain personal data may be exempt from the requests above, in certain circumstances. We could need to keep processing your personal data because of our interests, or to meet a legal obligation.
If an exemption applies, we’ll tell you when we reply to your request. We might ask you to give us some data to confirm your identity before we reply.
If you’ve got any questions about data protection, or you’re not happy with how we’ve handled your data, please get in touch:
Company | Our contact info |
SSE |
|
OVO |
When you send us your query, let us know it’s a ‘rights request’ as part of your message. This will help make sure it goes to the right place. Please include your name, account number, address, and if there’s any data you’re especially interested in – if you can. This will make it easier for us to respond to you properly.
Company | Type of question you have |
SSE |
For access to your data:
To delete your data:
All other requests: |
OVO |
You can email our Data Protection Officer (DPO): [email protected] And you can write to them too: OVO Energy, 1 Rivergate, Temple Quay, Bristol, BS1 6ED
If you’re not happy with our reply to any complaint or you think our processing of your data doesn’t comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO). Just use these details:
Related information: