Introduction

The Energy Company Obligation (ECO) scheme involves major energy suppliers offering financial support for implementing energy efficiency measures in residential properties. To proceed with installing a measure in your home under the ECO scheme, we require certain personal information from you, which will be shared with other organizations. Rest assured, we will only gather and utilize personal data as outlined here, ensuring compliance with legal obligations and respect for your rights.

The personal information we gather and utilize includes:

  • Your name, address, and, in certain cases, your date of birth (to verify your eligibility for the scheme and to communicate with you regarding your installation).
  • Verification of identity (collected for evidential purposes or to confirm eligibility).
  • Documentation demonstrating proof of benefits and income issued by the Department for Work and Pensions and HMRC (limited to confirming eligibility for the scheme).
  • Your phone number and email address (for necessary communication related to the purpose stated in this notice).
  • Optional: Details of your financial contribution toward the installation cost (to aid the Department for Business, Energy and Industrial Strategy in devising future schemes).

 

Providing Your Personal Data

We will clearly indicate if the provision of certain personal data is optional. However, in all other instances, it is imperative to provide your personal data; failure to do so will result in the inability to install a measure in your home under the ECO scheme.

Using Your Personal Data (Legal Basis and Purpose)

We will process your personal data in the following ways:

  • As required to fulfill our contractual obligations with you, such as managing and executing the contract (including installing a measure in your property).
  • As necessary to pursue our legitimate interests, including verifying your eligibility for the ECO scheme, sharing your data with third parties involved in administering, supporting, or enforcing the ECO scheme (as outlined under ‘Sharing Your Personal Data’), and collecting any financial contributions you’ve made toward the installation cost.
  • As necessary to comply with legal obligations, for instance, in cases where you exercise your rights to make requests under data protection laws.

 

There may be instances where we need to process special categories of data, such as information regarding your health to verify your eligibility for the scheme. In such cases, we will furnish you with separate information detailing how we will process your data and the legal basis for doing so.

 

Sharing Your Personal Data

Your personal data will be shared with the following entities:

  • The Department for Work and Pensions may profile your data to provide a YES/NO response via the Energy Saving Trust, determining your eligibility for the scheme based on relevant benefits.
  • The Office of Gas and Electricity Markets (Ofgem) will:
    • Utilize and share your information to fulfill its statutory obligations.
    • Share your information with the installer to verify notification to Ofgem if requested.
    • Share your information with contracted auditors to ensure scheme integrity.
  • The Secretary of State of the Department of Business, Energy and Industrial Strategy may receive your personal information for research and statistical purposes, potentially linking it with other data sources they hold.
  • The obligated energy supplier will process data as necessary to comply with legal obligations and their own privacy policies while making contributions towards measure costs.
  • Relevant companies supporting installation include:
    • The installer responsible for installation.
    • The installer’s certification body overseeing installations to meet standards.
    • Technical monitoring agents ensuring installations meet standards.
    • Managing agents facilitating funding and installations.
    • External auditing agencies providing data processing assurance.
    • Building control inspectors verifying installations comply with regulations.
    • Guarantee companies offering warranties for measures like wall insulation.
    • Property owners, social housing providers, local authorities, or managing agents where applicable.
    • Software providers processing your data.
  • Any other party required by law or with your consent.

Your provided information may be transferred to third parties outside the European Union if necessary for the outlined purpose. We’ll ensure appropriate safeguards, including those outlined by the ICO, are in place before any transfer.

Your data will be processed solely for ECO-related purposes unless you provide specific consent otherwise.

Criteria for Data Retention Periods:

  • For measures with a twenty-five year guarantee, such as wall insulation, your personal data may be retained for up to twenty-five years or as long as needed to match the guarantees’ lifetime.
  • For all other measures, your personal data may be retained for up to seven years after the scheme concludes, aligning with HM Revenue & Customs record management practices.

The Department for Business, Energy and Industrial Strategy may retain certain information, including your address but excluding personal identifiers, for statistical purposes for up to 25 years.

 

Your Rights, Including Accessing and Correcting Your Data

You have certain rights concerning the information held about you by the Controller, although these rights may not apply in all circumstances. These rights include:

  • Accessing your personal data.
  • Being informed about how we process your personal data.
  • Correcting any inaccurate data.
  • Exercising data portability (moving, copying, or transferring your personal data).
  • Requesting the deletion of your personal data.
  • Restricting the processing of your personal data, or objecting to its processing.
  • Filing a complaint with the Information Commissioner’s Office, which investigates compliance with data protection law (visit https://ico.org.uk/concerns/ for more information).
  • Name and Address of the Controller (and Data Protection Officer):
  • Type of Company (e.g., installation, lead generation, supplier, etc.):
  • Telephone: 
  • Email: