SSE's GB domestic retail business is now part of the OVO family. This includes our energy tariffs, as well as phone and broadband offers, and home services (boiler and heating cover). This means our associated brands of SSE, Southern Electric, Scottish Hydro, SWALEC and Atlantic are trading names within the OVO group of companies.
This privacy notice applies to our SSE, Southern Electric, Scottish Hydro, SWALEC and Atlantic customers.
The responsible data controllers are OVO Electricity Limited No. 06858121; OVO (S) Gas Limited No. 02716495; OVO (S) Home Services Limited No. SC292102; OVO (S) Metering Limited No. SC318950; OVO (S) Retail Telecoms Limited No. 10086511; and OVO (S) Energy Solutions Limited No. SC386054.
When we refer to “Group”, "we", “us”, and "our", we mean any of those data controllers, as appropriate. By “you” or "your" we mean any individual, sole trader and/or partnership that receives services from us, uses our website or otherwise interacts with us.
Please read this notice carefully as it provides important information about how we handle your personal information and the steps you can take to control it.
If you have any questions, comments or concerns about any aspect of this notice, please contact us using the details set out in section 12.
1. What information do we collect and how do we do it?
We, or third parties on our behalf, collect your personal information when you use our website, communicate with us by phone, letter, email, social media or in person, receive our products and/or services, or request to join schemes which you are eligible for.
We may collect the following personal information and we refer to this as “personal information” throughout this notice:
- your name;
- billing address;
- supply address;
- telephone numbers;
- e-mail addresses;
- date of birth;
- details of a secondary contact (e.g. name and phone number);
- energy usage (e.g. meter readings and units of gas and electricity used over a period of time);
- national insurance number;
- details of state benefits that you receive;
- financial information (e.g. bank account details);
- credit history;
- personal requirements and lifestyle;
- permissions (e.g. we will record if you have consented to e-mail marketing);
- your preferences (e.g. if you would prefer paperless billing);
- if you are a home owner or renter;
- survey responses;
- Energy Performance Certificate (EPC) data;
- information about any other accounts you hold for gas, electricity, broadband or telephone, including the name of the supplier and payment methods;
- for electricity customers, your Meter Point Administration Number (MPAN) to identify your electricity supply;
- for gas customers, your Meter Point Reference Number (MPRN), that identifies your gas supply;
- for broadband customers, your Migration Authorisation Code, that provides important information about your internet connection;
- if you are applying for Help to Heat Group Benefits, a mortgage statement;
- if you wish to attend one of our sponsored events, venue and dietary preferences, accessibility requirements and an emergency point of contact;
- if you have a smart meter it automatically sends us information about the gas and/or electricity that you use;
- if you engage with us through social media, we collect your name and store a link to your relevant social media profile, which we combine with details of your previous correspondence with us;
- if we, or third party suppliers, carry out a home visit, we may collect personal information about you or a member of your household from that visit. E.g. we may record information if we suspect that you or a member of your household may benefit from Priority Services;
- if we suspect that someone has committed fraud or stolen energy, e.g. by tampering with a meter or diverting the energy supply, we will record that information;
- if you register an account for services with us, we create and record customer ID numbers for you and record the date of your application; and/or
- If you are part of the Group Feed-in-Tariff (“FIT”) Scheme or Smart Export Guarantee (“SEG”) Scheme, we will collect regular generation/export meter readings; generation/export meter details; data required for identification and address checks; details of company affiliations; details of nominated persons; contract details; micro generation certification scheme information; and (where necessary) EPC information for the property.
We need this personal information so we can provide services and/or products to you. If you don’t provide us with that personal information you may not be able to access certain products and/or services.
2. How do we use your personal information?
We, or third parties on our behalf, collect, use and store the personal information collected about you to
(a) Provide, or obtain on your behalf, relevant products and/or services, benefits, and rewards;
(b) Respond to any enquiries or issues you have;
(c) Identify you;
(d) Detect and prevent crime, fraud or loss;
(e) Contact you, or authorised third parties, about our services and/or products, such as sending you information when you sign up or change tariffs, service announcements and administrative messages;
(f) Train our staff and improve our products and services, which may mean that we monitor and record communications that we have with you including phone conversations, emails, SMSs and web chats;
(g) Use data analytics to understand and improve the way we do things as a business;
(h) Conduct, and contact you in relation to, market research e.g. through customer satisfaction surveys and questionnaires;
(i) Obtain government funding for the supply of energy efficiency measures to individuals;
(j) Identify offers and advice tailored to your needs or lifestyle;
(k) Ensure the health and safety of you, our staff and contractors;
(l) Make decisions about the products and/or services and terms and conditions that we can offer to you e.g. if you ask for certain tariffs we will assess if anything prevents us from offering that tariff to you;
(m) Make personal projections about the amount of energy you are likely to use in a given period;
(n) Use information collected from your visit to our website for administrative purposes; for troubleshooting, data analysis, testing, research and statistical and survey purposes; to ensure content is presented in an effective manner; and to enable you to participate in interactive features;
(o) Use data collected from your smart meter to enable us to work out your bills and to identify and prevent fraud or energy theft. If you have a Smart Meter you will find more information about how we use your information in our Terms and Conditions and our Data Privacy Charter;
(p) Respond to or resolve any enquiries or requests that you may have from social media;
(q) Use FIT data to register the installation onto the FIT scheme through the Central FIT Register, act as administrators and facilitate payment through the scheme, act as a mandatory licensed supplier for the SEG scheme;
(r) Enable internal corporate reporting, business administration, adequate insurance coverage, the security of company facilities, research and development, and to identify and implement business efficiencies;
(s) Comply with any procedures, laws and regulations which apply to us – including where we reasonably consider it is in our (or others) legitimate interests to comply; and
(t) Establish, exercise or defend our legal rights – including where we reasonably consider it is in our (or others) legitimate interests.
2.2 Green Deal
If you’re a Green Deal customer you’ll find out more about how we use your information in our Green Deal Privacy Charter.
2.3 Marketing Communications
Unless you’ve asked us not to, we may contact you in writing, by phone and (where you have consented) via email or SMS with information on products, services and rewards that we, other companies within the Group, and occasionally our carefully selected partners identified at the time we collect your information, offer. We may use third parties to send marketing communications.
Unless you have asked us not to, we may also use your personal data to show you digital advertisements via your social media newsfeed, on search engine results pages, or on other websites.
Unless you have asked us not to, we may profile your data to provide you with marketing and offers that are relevant to you. If you opt out of profiling we will still run analysis that includes your data, but any decisions or marketing output that result from that analysis will not be used to market to you. You will be sent generic marketing that may not be relevant to you.
You can object to our use of targeted marketing for direct marketing purposes or opt out of receiving marketing messages. For any other marketing queries, contact us at any time using the details in section 12.
3. How do we use your sensitive personal information?
We treat some of the information that we collect about you as being particularly sensitive, such as requirements for your welfare or details of criminal convictions. We will use this information in the following ways:
3.1 Your welfare and the welfare of other householders
With your consent, we’ll use the information that we collect about your (or a member of your household's) requirements for your welfare (e.g. due to age, health, disability or financial circumstances), to:
(a) ensure your welfare and the welfare of other householders e.g. ensuring we do not stop your supply and can respond appropriately during a major incident or emergency situation;
(b) provide products and/or services to you in the most appropriate way e.g. if you require large print or braille communications;
(c) manage staff and third party contractors; and
(d) provide you with the most appropriate customer experience where you attend a Group event.
With your consent, we may also share this information with the following individuals or organisations:
(a) social services, charities, health-care and other support organisations;
(b) other energy suppliers if we believe you are considering changing supplier as part of the Energy Retail Association ‘safety net procedures’;
(c) relevant gas transporters, metering agents or network operators; and/or
(d) other relevant organisations, such as emergency responders or local authorities, which may be able to provide support.
3.2 Criminal offences data
We use details of any criminal offences you have been accused of, together with information about whether the gas or electricity supply to your property has been tampered with or stolen in the past (or if we suspect that it has), for the following purposes:
(a) To make decisions about what products and services we can offer you, and the relevant terms and conditions;
(b) To make decisions about whether to disconnect you; and
(c) To detect and prevent fraud or crime in collaboration with the relevant third parties listed in section 7.
4. What information do we receive from third party sources?
We also receive your personal information from the following third party sources:
(a) Other energy suppliers – including meter readings, equipment and payments from your existing energy supplier when you ask to switch your account to us. We may also receive details of suspected fraud or energy theft for the purposes of identifying and preventing fraud or crime;
(b) National databases supporting the energy transfer process, including ECOES, Xoserve, and PAF, which provide us with information about the supply of energy to each address in the UK. We may use a third party to facilitate access to this information;
(c) Credit reference or fraud prevention agencies – More information can be found at 7(p) and 7(q) below;
(d) Data providers – we collect information from third party data providers, including aggregated geo-demographic and lifestyle data, and combine this with account information to conduct statistical analysis. These customer insights help us to plan our marketing activities, target our marketing communications, and conduct market research and business development;
(e) Councils, local authorities or housing associations – we may receive your name, address and contact details where they would like carbon-saving measures applied to your property under relevant government funding schemes;
(f) Letting agents, landlords, cohabitants, previous tenants or other third parties – if you have recently moved into, or taken over, a property that we supply energy to or if that third party introduces you to the Group, for the purposes of setting up your account;
(g) Ofgem – as a regulated entity, we may receive your personal information from our regulator, Ofgem, in order to satisfy our regulatory obligations;
(h) Law enforcement agencies (such as the police) to identify and prevent fraud or crime;
(i) OVO group companies for internal administrative purposes such as ensuring consistent delivery of our services to customers;
(j) third party introducers (such as price comparison websites) to set up an account for you and to provide the services that you have requested;
(k) the Department for Work and Pensions, e.g. to check your eligibility for the Warm Home Discount Scheme; and
(l) the Department for Business, Energy and Industrial Strategy (BEIS), for example where they request information about FIT installations.
5. Legal Bases for Processing
We’ve assessed that the legal bases for using your personal information as set out in this notice are as follows:
(a) Contract – our use of your personal information is necessary to perform our obligations under any contract we have with you; or
(b) Legal Obligations – our use of your personal information is necessary for complying with our legal obligations; or
(c) Our Legitimate Interests – to:
(i) Run, grow and develop our business;
(ii) Detect and prevent fraud;
(iii) Enhance the security of our network and information systems;
(iv) Ensure that our own processes, procedures and systems are as efficient as possible;
(v) Better understand how people interact with our website;
(vi) Analyse and enhance the information that we collect;
(vii) Determine the effectiveness of our promotional campaigns and advertising; and
(viii) Enhance, modify, personalise or otherwise improve our services and communications for the benefit of our customers. If you have concerns about the processing activities based on our legitimate interests, please see section 12.
(d) Consent – In the following specific circumstances we rely on your consent to use your personal information in a particular way:
(i) we use information about vulnerabilities to ensure the welfare of you or your household, or to provide our products and services in the most appropriate way for you; or
(ii) to send you marketing information by email or SMS.
If we rely on your consent in these ways, but you later change your mind, you may withdraw your consent by contacting us using the details in section 12 and we will stop doing so.
6. Automated decision-making
We use automated decision-making in the following ways:
(a) Determining your Home Services cover renewal price
We use an automated calculation to enable us to make a fair and responsible decision on what pricing we can offer you based on the cost of maintaining your boiler. We will consider:
- your boiler make and model;
- the length of time you have had cover;
- your geographical location;
- your claims history; and
- whether non-standard system parts are required (including thermal store and unvented cylinders).
If we consider your boiler to be non-standard and/or you have made a claim against your product and/or you live in an area where we have a higher cost to serve, your individual renewal price may increase.
(b) Credit Vetting
We use automated credit scoring assessments to determine the suitability for you to take any product or service on a credit basis. We may consider:
- Data included in your application for a new product or service;
- Data that we already retain on you such as payment history for existing products and services, including data from accounts where you are named jointly with one or more additional account holder;
- Information from one or more credit reference agency; and/or
- Where appropriate, data from fraud prevention agencies.
If we decide that offering unsecured credit is not appropriate, we may require energy customers to pay a security deposit, or pay through a pre-payment meter or a smart meter operating in pre-payment mode. We may ask you for payment security at any time should we determine that unsecured credit is no longer appropriate for you.
For non-energy products such as telephone or broadband, where we determine that credit is not appropriate we may decide not to continue with your application. We will write to you to inform you of this decision.
(c) Warm Home Discount
Where applications are made online, and to speed up the processing of paper application forms, we use an automated process to verify eligibility for Broader Group Warm Home Discount rebates. This means our computer system will match the benefits you have ticked on your application to check whether you meet the criteria required to receive the rebate. The criteria are described within the online journey, and on the paper application form.
6.2 You can appeal any automated decision, receive an explanation of the decision or require human review of the decision by contacting us using the details in section 12.
7. Who do we share your personal information with?
We will share your personal information with the following categories of third parties:
(a) our third party suppliers, partners and sub-contractors that provide, review and/or receive services in relation to our website, services and/or products, which include: payment processors; suppliers of technical, support and installation services; insurers; logistics providers; call centre service providers; security providers; cloud services providers; research agencies; and, if you are entitled to claim government funding for energy efficiency measures, installers, energy performance assessors and sales advisers.
(c) where appropriate, family members or cohabitants, previous tenants, landlords, letting agents or other third parties who/which may require information about you or your premises, or who introduced you to us;
(d) if we’re under a duty to disclose your information in order to comply with any legal obligation, government or law enforcement officials as may be required to meet national security or law enforcement requirements or prevent illegal activity;
(e) other energy suppliers – if you choose to leave us, we’ll share your information with the other suppliers to assist the switching process, including energy usage and any debts on the account. We may also share your personal information where they carry out services for us, e.g. if they carry out meter readings at your property for us;
(f) regulators or other legally appointed bodies (such as Ofgem) for legal or regulatory purposes, e.g. if requested we may send your information to Ofgem to prove that you qualify for relevant government funded schemes;
(h) companies or partner organisations which provide services in relation to, or use information as part of, market research;
(i) third parties that help us with advertising and marketing. For example, we share limited personal information with the following third parties who serve advertising on their platforms on our behalf: Amazon, Viant, Facebook and Google Adwords;
(j) relevant gas transporters, metering agents or network operators;
(k) debt collection and tracing agents if we provide you with services and you fail to make payments. We may also sell the right to recover any sums due to us to a suitable third party in accordance with our General Terms & Conditions for the Supply of Electricity and/or Gas. We may pass personal information necessary for evaluation of the debt to prospective buyers prior to the sale being completed;
(l) authorised third parties or named account holders on any account you hold with us;
(m) if we sell, merge, or perform any internal re-organisations in relation to any of our (or any third party's) business or assets, the personal information will be one of the transferred assets to the relevant buyer and/or new data controller of such business or assets;
(n) if you are a Home Services customer we may share your data with an insurance underwriter who underwrites our insurance products. We may also share your data with an alternative dispute resolution provider if you have a complaint relating to your non-insurance product that we are unable to settle;
(o) any third party where required to:
(i) enforce or apply our terms and conditions or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; and
(ii) protect the rights, property or safety of the Group, our staff, customers or others.
(p) credit reference agencies
Where it is necessary to credit check you, we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an on-going basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail on the Experian website.
(q) fraud prevention agencies
(i) To help us identify fraud and energy theft, we will give details of your account to fraud prevention agencies who will use the information to check public and other databases they hold and may provide information to us to help identify fraud and energy theft. Checks will be performed on a regular basis whilst you hold an account with us.
(ii) If we suspect or can confirm theft of energy has occurred, a record will be kept by fraud prevention agencies which may include sensitive information about alleged criminal offences. The fraud prevention agencies may provide the information to other energy companies to help identify fraud and detect energy theft but only in limited circumstances where you have accounts with them. Where theft has been identified, your account terms may change, but we will notify you separately if this is the case.
(r) for FIT and SEG customers, we will share information with the Department for Business, Energy and Industrial Strategy (BEIS) and (where relevant) the Central FIT Register where requested.
8. How is your personal information transferred outside of the EEA?
We, or a third party who we share personal information with, may host, store and handle that personal information outside of the European Economic Area (EEA).
In particular, some of our simpler customer service work is performed outside the EEA, to ensure we operate as efficiently as possible. This means that we will transfer your personal data to a supplier based outside the EEA.
Where we transfer data outside of the EEA, we ensure that adequate safeguards have been put in place to protect your personal information.
This means that we will:
(a) ensure that the country in which your personal information will be handled has been deemed “adequate” by the European Commission under Article 45 of the General Data Protection Regulation (GDPR);
(b) include standard data protection clauses approved by the European Commission for transferring personal information outside the EEA into our contracts with those third parties (these are the clauses approved under Article 46.2 of the GDPR); or
(c) (in the case of transfers from the EEA to the USA), ensure that the recipient of the personal information has certified with the US-EU Privacy Shield Framework, as permitted by Article 46.2 of the GPDR.
9. How long do we hold your personal information?
We keep your personal information for no longer than is necessary of the purposes for which the personal information is processed. The length of time we retain it for depends on the purposes for which we use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.
This means that some of your personal information will be kept for a short time e.g. we may keep copies of correspondence and complaints for up to three years following resolution. Other information may be kept for a longer period of time, e.g. we keep details of your address for a period of up to six years after your account has settled (but for a shorter period if that is possible).
10. How will we change this privacy notice?
We may update our privacy notice from time to time. Any changes we make to our privacy notice in the future will be posted on the Group website and, where appropriate, notified to you by post or email.
11. What choices and rights do you have in relation to your personal information?
You may contact us using the contact details provided in section 12 to request that we:
(a) confirm whether your personal information is being processed;
(b) provide you with further details about how we process your personal information;
(c) provide you with a copy of any personal information which we hold about you;
(d) where we rely on your consent as a legal basis to justify using your personal information, withdraw your consent to that use;
(e) consider any valid objection to the processing of your personal information (including the right to object to processing where we are relying on our legitimate interests as a legal basis for processing);
(f) ask us to update or delete personal data which we hold about you;
(g) restrict the way that we process your personal data;
(h) consider any valid request to transfer your personal data relating to an energy account to a third party provider of services (data portability); and
(i) where we carry out automated decision-making that has legal or similarly significant effects on you, ensure that we manually review that decision, provide an explanation of that decision and/or consider your appeal of that decision.
11.2 We will consider all those requests.
However, certain personal information may be exempt from those requests in certain circumstances, which may include needing to keep processing your personal information for our legitimate interests or to comply with a legal obligation.
11.3 If an exemption applies, we will tell you this when responding to your request.
We may ask you to provide us with information necessary to confirm your identity before responding.
12. How can you contact us?
To submit a subject access request, please email us at email@example.com or send a letter to The Subject Access Requests Team, OVO, Grampian House, 200 Dunkeld Road, PERTH, PH1 3GH.
To submit a right to erasure request, please email us at retailRTERrequests@sse.com or send a letter to The Right to Erasure Team, Unit 4, Penner Road, Havant, PO9 1QH.
You can write to our Data Protection Officer (DPO) at Data Protection and Legal team, OVO Energy, 1 Rivergate, Temple Quay, Bristol, BS1 6ED.
If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) using the following details: