Our Privacy Policy

Types of data we
might collect from you

What this data covers

Your contact details
and the contact
details of people
associated with your
account. 
Remember: if you
give us someone
else’s personal
data, make sure you
always have their
permission.

• Full name
• Email address
• Billing address
• Property address
• Phone number – we automatically collect the number you use when you get in touch with us. If we don’t already have this information, we might add it to your account, once we’ve taken steps to make sure it’s definitely yours.
• Any other relevant info we need in order to know that it’s you and be able to contact you directly
• Details of a secondary contact, such as nominees or attorneys (for example, their name and number)

Your account data
and the account
data of other people
associated with your
account.
Remember: if you
give us someone
else’s personal
data, make sure you
always have their
permission.

• Unique account number
• Date of birth
• Title
• National Insurance number
• Whether you’re a homeowner or renting
• Survey responses
• Energy Performance Certificate (EPC) data
• Photos of your meter
• Information about any other accounts you have for gas, electricity, broadband or telephone, including the name of the supplier and payment methods
• Conversations we have with you, including phone calls and emails, which might be monitored or recorded
• Household details and property type
• Complaints and/or incident details
• Appointment details
• Notes added to your account

Financial data

• Bank account details
• Your credit history
• Details of state benefits you receive

Technical data

• Internet protocol (IP) address, used to connect your computer to the internet
• Login data (like your username and password)
• Your browser, and which version of the browser you’ve got, plus which devices you use to access our websites
• Your time zone setting
• Operating system and platform
• Your behaviour on our website or app (for example, the pages that you click on, page response times, download errors, length of visits to pages, and how you interact with pages)
• Your rough location when you connect to our websites (this will just be the city or county you’re using your device in)
• We track technical data by using cookies

Optimisation data

For some products and services, such as Energy Spotlights and our Carbon Tracker, we might ask you to give us extra data about your home and lifestyle, to make sure you get the most out of whatever you’re using. This includes data like:

• Number of people and rooms in your home
• What type of heating system you have
• What and how much you recycle
• Which transport you use

Marketing and
communications data

• Your preferences in receiving marketing from us and third parties
• Your communication preferences

Energy supply data

• The date we start supplying your energy
• Technical meter details
• Meter Point Administration Number (MPAN) for electricity customers
• Meter Point Reference Number (MPRN) for gas providers
• Your plan
• Energy usage (like meter readings, and units of gas and electricity used over a period of time)

If you’ve got a smart meter:

• Your energy consumption data (go to section 3 for more details)

Sensitive types of data

• Data about your needs and the needs of other people in your household. This helps us understand if you have any special requirements. For example, this data might cover age, disabilities, health and/or any financial vulnerability. And if it applies to you, we might add you to the Priority Services Register.
• If we think that someone might have committed fraud or stolen energy from us (for example, by tampering with a meter or diverting an energy supply) we’ll record this information

(Go to section 4 for more details.)

Other types of data

• If you’re a broadband customer, we collect your Migration Authorisation Code, which gives us important information about your internet connection
• If you’re applying for Help to Heat Group benefits, we need a mortgage statement
• If you want to attend one of our sponsored events, we might need venue and dietary preferences, accessibility needs, and an emergency point of contact
• If you speak to us through social media, we take your name and store a link to your social media profile, which we keep with details of your previous conversations with us
• If we (or our third-party suppliers) visit your home, we might collect personal information about you or people in your household. For example, we might record information, if we think you or someone in your household could benefit from the Priority Services Register.
• If you register an account for services with us, we create customer ID numbers for you and record these, as well as the date of your application
• If you’re part of the OVO Group Feed-in Tariff (FIT) Scheme or Smart Export Guarantee (“SEG”) Scheme, we’ll gather the following: regular generation/export meter readings; generation/export meter details; data needed for identification and address checks; details of company affiliations; details of nominated people; contract details; micro generation certification scheme information; and (where necessary) EPC information for the property.

Our reason for
using your data

More details on what we need this for

To serve your account

• To identify you
• To give you relevant products and/or services, benefits, and rewards
• To give you information about the amount of each service you’ve used, and which charges will apply. For example, how much electricity or gas you’ve used and what this will cost.
• For replying to any questions or issues you have
• To talk to you about your account, whether that’s via post, email, your online account, SMS, live chat, other kinds of electronic communication (including messages sent through a smart meter), or by visiting you (to take a meter reading, for example)
• To predict the amount of energy you’re likely to use in any period of time
• For deciding which products and/or services, and which terms and conditions, we can offer you. For example, if you ask for a certain plan, we’ll check to see if it works for you.
• We’ll use data collected from your smart meter to work out your bills, to identify you, and to prevent fraud or energy theft. If you’ve got a smart meter, you’ll find more details about how we use your information in our terms and conditions, as well as in our Smart Meter Data Charter.
• When you switch to us from your last energy supplier, or when you switch away from us to a new one
• To spot and prevent crime, fraud, or loss
• So you can use interactive online features
• As part of arranging and carrying out visits to your property (such as for reading meters)
• To give you incentives or run a loyalty scheme

To help us improve

• For training our team and improving our products and services, which might mean we monitor and record conversations we have with you (like phone calls, emails, SMSs, and live chats)
• When using data analytics to understand and improve the way we do things as a business
• To carry out market research, and to get in touch with you about this (for example, when doing customer satisfaction surveys and questionnaires)
• To create internal reports or profiles, while analysing information for forecasting and marketing purposes
• When we’re conducting trials of technology and infrastructure, to help develop and improve products and services

To keep in contact

• For us (or authorised third parties) to get in touch with you, about our services and/or products – such as to send you info when you sign up or change plans, service announcements, and administrative messages
• To contact you (by letter, phone call, SMS, or email) with details of products and services that we or members of OVO Group offer, which are similar to those that you have already, or to give you info about services or products you’ve opted in to getting from us
• To see if you’d like any help when you start but don’t finish our sign-up journey, or when you’ve asked for a quote from us

To support our business

• To ensure the health and safety of you, our team, and contractors
• When using Feed-in Tariff (FIT) data to register an installation on the FIT scheme through the Central FIT Register, when acting as administrators and facilitating payments through this scheme, and when acting as a mandatory licensed supplier for the SEG (Smart Export Guarantee) scheme
• To comply with any procedures, laws, and regulations that apply to us – including where we think it’s in our best interests to comply (or in the interests of others)
• To allow for internal corporate reporting, business administration, adequate insurance coverage, the security of company facilities, research and development, and to find business efficiencies and put these into practice
• To establish, exercise, or defend our legal rights – including where we think it’s in our best interests (or in the interests of others)
• When your letting agent has given us personal information about you, we might need to share this with your local council and water authority – so they can get in touch with you about any tax or charges
• To help with system maintenance, testing, and training
• To run credit checks and check your credit score, which might affect the services we offer you
• To carry out or help with fraud prevention, identity or money laundering verification, and legal enforcement when needed
• To go after any money owed to us, and manage our debt collection and recovery activities
• To administer and protect our business, and to manage and protect our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data)

Types of
third-party sources

The kind of data we get from these

Other energy suppliers

• Meter readings
• Payments from your existing energy supplier, when you ask to switch to us
• We might also get details of suspected fraud or energy theft, so we can spot and prevent fraud or crime

National databases
(ECOES, Xoserve,
and PAF)

• We might get details like your MPAN and other information about your energy supply, to help if you’re going through the process of switching suppliers. And to access this info, we might use a third party.

Debt of collection
agencies

• Information about payments you’ve made or payment plans you’veagreed to
• Information about your personal circumstances, such as your ability to pay – as well as any additional needs you have

Credit reference or
fraud prevention
agencies

• You can find more info about this kind of data in sections 7 and 8

Third-party
data providers

• We collect aggregated data about your location geo-demographic and lifestyle, and analyse this along with your account information – so we can gather insights. These customer insights then help us to do lots of things. Like plan our marketing activities, target our marketing communications, and conduct market research and business development.
• If you’ve entered our debt collections process, we collect contact details to help us get in touch with you
• Debt consolidation providers give us information on your debt profile, to help us create payment plans if you’re struggling financially

Councils, local
authorities, or
housing associations

• We might get your name, address, and contact details from councils, local authorities, or housing associations. This could be when these organisations want to apply for carbon-cutting measures for your property, as part of government-funded schemes.

Letting agents,
landlords, cohabitants,
previous tenants, or
other third parties

• We might get your name, address, and contact details if you’ve recently moved into, or taken over, a property that we supply. Or if a third party (like your landlord) introduces you to OVO Group, so we can set up your account.

Ofgem

• As a regulated company, we might get your personal data from our regulator, Ofgem, in order to meet our regulatory obligations

Law enforcement
agencies (such as
the police)

• We might get data about meter tampering, the bypassing of meters, or the illegal use of energy – so we can spot and prevent fraud or crime

OVO Group companies

• We might get your account data, technical data, optimisation and energy supply data for administrative reasons – like to make sure our customers are getting a consistent service from us, and to make our business more efficient
• OVO Group includes any of the companies listed at the top of this document. Plus, our related businesses in the wider OVO Group such as CORGI, Kaluza, Field Force, Kantan, and The Renewable Exchange, as well as other subsidiaries of OVO Group Limited from time to time.

Third parties who
introduce you to
us (such as price
comparison websites)

• So we can set up an account for you, and to give you the services you’ve asked for

Department for
Work and Pensions

• We might get the following details, to check if you can get the Warm Home Discount scheme: your contact details, account data, financial details, and details of your energy supply

Department for
Business, Energy and
Industrial Strategy
(BEIS)

• We might give them your contact details, account data, and energy supply data. This could be if they ask for information about Feed-in Tariff (FIT) installations, for example.

For your contract

• We use your data mainly to give you the products and services that you’ve asked for (for example, energy products)

Our legal obligations

• Our use of your personal data is necessary, so we can comply with our legal obligations

Our legitimate interests

It might be in our interests to collect and use your personal data, as we
need this info to give you the services you want more effectively.
When deciding whether it’s in our interests to use your data, we
also consider your interests as a citizen and your rights under data-
protection laws.
It’s in our interests to:

1. Run, grow, and develop our business
2. Spot and prevent fraud
3. Improve the security of our network and information systems
4. Make sure our own processes, procedures, and systems are as good as they can be
5. Recover debts that are owed to us
6. Get a better understanding of how people use our website and other channels where people engage with us
7. Analyse and enhance the information that we collect
8. Work out how effective our promotional campaigns and advertising campaigns are
9. Enhance, modify, personalise, or otherwise improve our services and communications for the benefit of our customers

If you have concerns about the processing activities based on our interests, please take a look at section 13.

Your consent

Sometimes, we need your consent if we do want to use your personal data. For example, to send you marketing communications about OVO Group products in certain circumstances.

If you give us your consent but later you change your mind, you can withdraw it anytime, by letting us know. Just get in touch, using the details in section 14 – and we’ll stop using your data for that purpose.

Vital interest

On very rare occasions, we might use or share data about you to protect either you or someone else.

Substantial
public interest

We might use data in order to pursue something that’s of key interest to what’s called the ‘substantial public interest’. This would always be in accordance with the Data Protection Act 2018. These interests cover things like the safeguarding of people at risk, and safeguarding the economic wellbeing of certain people.

Type of third party

More details on this

Our third-party
suppliers, partners,
and subcontractors

They offer, review, and/or receive services that are to do with our website, services, and/or products. They include:

• Payment processors
• Suppliers of technical, support, and installation services
• Insurers
• Logistics providers
• Call centre service providers
• Security providers
• Cloud services providers
• Research agencies
• Market research agencies
• Green Deal providers
• And (if you can claim government funding for energy efficiency measures) installers, energy performance assessors, and sales advisers

Any company that’s a
member of OVO Group

OVO Group includes any of the companies listed at the top of this document. Plus, our businesses in the wider OVO Group such as CORGI, Kaluza, Field Force, Kantan, and The Renewable Exchange, as well as other subsidiaries of OVO Group Limited from time to time.

Family members or
cohabitants, previous
tenants, landlords,
letting agents, or other
third parties

Where appropriate, people who could need data about you or your property – or who introduced you to us.

Government or
law enforcement
officials

If we have good reason to think we’ve got a duty to do it, we’ll give out your data to meet any legal obligation – where your data might be needed to meet national security or law enforcement needs, or to stop illegal activity.

Other energy
suppliers

If you choose to leave us, we’ll share your data with your new supplier to help make the switching process smoother. This includes your energy use and any debts on your account.
We might also share your personal data with another energy supplier when they carry out services for us – like if they do meter readings at
your property on our behalf.

Regulators or other
legally-appointed
bodies

This includes but isn’t limited to Ofgem, the Information Commissioner’s Office, or the Financial Conduct Authority. We share your data for legal or regulatory reasons – for example, we might send your data to Ofgem to prove that you qualify for a government-funded scheme, if we’re asked to do so.

Vodafone

If you’re a phone and/or broadband customer, we’ll share your data with Vodafone – our current phone line and broadband supplier.
Vodafone is responsible for the personal data that’s collected when you use these services, as well as how it’s used. Vodafone will also
handle your personal data while giving you phone and broadband services. This is all set out in Vodafone’s Privacy Policy.

Price comparison sites

These sites might take your details when you ask for a quote, or when you switch to us via a price comparison site.

Third parties that help
us with advertising
and marketing

Here’s one example of how this works. We share some personal data with these third parties, who advertise on their platforms for us: Amazon, Viant, Facebook, and Google AdWords.

Relevant gas
transporters, engineers,
or network operators

We’ll share data with other utility service providers who might be supplying your property – like your distribution network operator.

Support services

Where it will help you, we’ll share data with your local authority, water company, social services, charities, healthcare services, and other support organisations. We might also share it with housing associations that are relevant to your property and/or your use of our services.

Debt collection and
tracing agents

This might happen if you don’t pay us for the services we give you.
We might also sell the right to recover any debts you owe us to a third party, which is part of our general terms and conditions for supplying
electricity and/or gas. As well as this, we could pass personal data to possible buyers of this debt, so they can evaluate it before the sale’s complete.

Authorised third
parties or named
account holders

This can be on any account you have with us.

Anyone who buys
our business, any
other business we
buy or merge with,
and/or a new data
controller

If we sell or merge any of our businesses or assets, or if we do any internal reorganisations, your personal data might be one of the assets that goes to the buyer and/or new data controller.

Insurance underwriter
/ alternative dispute
resolution provider

If you’re a SSE Home Services customer, we might share your data with an insurance underwriter, who underwrites our insurance products.
We could also share your data with a dispute resolution provider, if you’ve got a complaint about your non-insurance product that we can’t settle.

A third party, such
as the police or legal
representatives

We could need to share your data with these third parties as part of enforcing our terms and conditions, or any other agreement. This
might also happen when we’re replying to any claims, or protecting the following: our rights, or the rights of a third party, or the safety of any
person. We might also do this to stop any illegal activity.

Credit reference
agencies

When you enter into a contract with us for your energy supply, we’ll give information about you to credit reference agencies, and gather this from them too. When credit reference agencies get a request from us, they’ll place a search footprint on your credit file. This might be seen by
other lenders. They give us public data (including info from the electoral register), as well as data on shared credit, your financial situation,
information on your financial history, and on fraud prevention.

We might also make checks, like assessing your application for credit and verifying identities – so we can spot and prevent crime. We’ll also keep sharing information about you with credit reference agencies on an ongoing basis. This includes things like your settled accounts and any debts you haven’t fully repaid on time.

Occasionally, we might also do searches via credit reference agencies and fraud prevention agencies to manage your account with us. Who these credit reference agencies are, and the ways in which they use and share personal information, is all explained in more detail at experian.co.uk/crain/index.html

Professional advisers

These advisers could be lawyers, bankers, auditors, and insurers who offer consultancy, banking, legal, insurance and accounting services.

Letting agents
(where applicable)

To carry out any ancillary services that you’ve asked for – an example would be for help with council tax and getting water set up at a new address.

Fraud prevention
agencies

(i) To help us spot fraud and energy theft, we’ll give details of your account to fraud prevention agencies, who’ll use the information to check public databases and other ones they hold. They might also give us information to help tackle fraud and energy theft. Checks will be carried out on a regular basis, while you hold an account with us.

(ii) If we think or are certain that energy has been stolen, a record will be kept by fraud prevention agencies. This might include sensitive data about alleged criminal offences. The fraud prevention agencies might give the information to other energy companies to help uncover
fraud and energy theft, but only in occasional circumstances where you have accounts with them.

Where theft has been found, your account terms could change, but we’ll let you know if this is the case.

Owners and/
or operators of
smart meters (or
similar), smart
meter contractors,
and the Data and
Communications
Company (DCC)

This is for your smart meter, so that we can connect to it and get readings from it.

Department for
Business, Energy
and Industrial
Strategy (BEIS) /
Central FIT Register

For FIT and SEG customers, we’ll share information with the Department for Business, Energy and Industrial Strategy (BEIS) and the Central FIT Register when asked to.

SSE

• [email protected]
• 0345 071 9853

OVO

• [email protected]

Type of question you have

SSE

For access to your data:

• [email protected]
• The Subject Access Requests Team OVO Grampian House 200 Dunkeld Road PERTH PH1 3GH

To delete your data:

• [email protected]
• The Right to Erasure Team Unit 4 Penner Road Havant PO9 1QH

All other requests:

• [email protected]

OVO

• [email protected]