Policy Compass
Other topics

ECO privacy notice

This privacy notice tells you what to expect when we collect your personal information under the Energy Company Obligation (ECO). This privacy notice also sets out your rights as a data subject.

It applies to information we collect about:

  • householders/occupiers who have an energy efficiency measure installed under the ECO scheme into their premises
  • people who contact Ofgem with a query or right of access request regarding ECO
  • people who sign up to receive the ECO newsletter

This privacy notice only covers the processing of information relating to ECO. It covers the processing of information relating to ECO measures installed under the current ECO scheme (ECO4) and ECO Flex as well as the previous ECO schemes (ECO1, ECO2, ECO2t and ECO3).

To find out more information on how Ofgem processes personal data, refer to the Ofgem Privacy Policy.

Controller

The Controller for the processing of any personal information as outlined in this privacy notice is the Gas and Electricity Markets Authority, (GEMA). For ease of reference, this privacy notice refers to the administrative office of GEMA, "Ofgem" throughout.

We receive your information via energy suppliers and Local Authorities (under ECO Flex), who provide us with information about the energy efficiency measures they have installed at your household:

This information includes:

  • your address at which the measure has been installed
  • and in some cases information relating to or including: 
    • confirmation of whether you are in receipt of one or more state benefits
    • the nature of your right to occupy the premises
    • combined household income
    • if a person at the premises is considered vulnerable to the cold
    • the right to free school meals
    • entitlement to council tax reduction
    • periods of no credit on pre-payment meter, participating in an energy debt recovery plan or identified as struggling to pay energy bills
    • special category data, in particular information related to your health as evidence you are eligible for the scheme
    • referral by relevant authority

The information notified to us does not include your name. 

We will collect information directly from you where: 

  • you sign up to our newsletter. We will collect and store your email address in order to send it to you. You can request to be taken off the distribution list at any time by emailing: eco@ofgem.gov.uk
  • you contact us with an enquiry regarding the scheme

<!-- Error: Could not parse collapsible container XML -->

We collect your information if you:

  • visit our website to remember you when you make repeat visits. You can find out how we do this through the use of cookies by viewing our page on use of cookies on the Ofgem website
  • engage with us when we carry out our regulatory and administrative functions
  • make enquiries about ECO
  • use our services e.g., subscribe to our RSS feeds, e-newsletters, social media sites, email alerts or request a publication from us
  • contact us via email, telephone or written enquiry in relation to ECO
  • contact us in relation to information requests, complaints, and general enquiries

We only collect information that we need to effectively administer the government’s ECO scheme in line with the requirements under legislation, as detailed within this Privacy Notice. We will only disclose your personal information in the following circumstances:

  • where the disclosure is required by law, statutory direction, court orders, or is necessary for the purposes of the administration or development of ECO
  • where you give us explicit permission to disclose it
  • for the processing and sharing of relevant information during audits

Also, we will share information with the following organisations as required:

  • third-party auditors or other third parties for the purposes of either auditing the information provided to us by you or providing an assurance report (we will require such third parties to agree to treat the information in accordance with this privacy policy)
  • Third party suppliers, appointed by us in connection with our scheme administration. This may include research companies or agencies appointed to conduct surveys on our behalf
  • Action Fraud in England or Wales or the Police in Scotland when we have found instances of suspected fraud
  • energy suppliers, industry/accreditation/certification bodies to help ensure that installation work is carried out to the required standards and in accordance with the requirements of the scheme
  • in order for some installers and energy suppliers to confirm whether you are entitled to ECO Help to Heat funded measures, they will share your personal data with the Department for Work and Pensions via a third-party service provider, the Energy Saving Trust
  • the installer of the measure; we will only release whether the measure has been notified to Ofgem (after verifying their identity) and, where asked by the installer, information relating to monitoring of the measure
  • the landlord, social housing provider or local authority of the property in relation to their own properties
  • Qlikview, where we use their software platform to conduct data analytics
  • Huddle and Egress, where we use their platform to securely share data with other organisations
  • the Energy Savings Advice Service (ESAS), where you have opted into the referrals service operated by ESAS under ECO1 or ECO2 (including ECO2t), and we have been provided with your referral number by a supplier, we will provide this number to ESAS in order to verify that it is a valid number
  • the Department for Energy Security and Net Zero (DESNZ), who may issue a notice that legally compels Ofgem to disclose specified information notified by energy suppliers about energy efficiency measures installed (this includes the personal information listed above in section 3). DESNZ may share your information with its contractors or sub-contractors for these purposes. DESNZ have also published a privacy notice covering how they use personal data
  • The Welsh Government and their approved contractors for the Welsh Government to report on and monitor devolved energy policy in Wales
  • The Scottish Government and their approved contractors for the Scottish Government to report on and monitor devolved energy policy in Scotland
  • Department for Environment Food and Rural Affairs
  • Trading Standards and the Serious Fraud Office
  • Local Authorities in Great Britain (upon request), who require information for their Net Zero Strategies, identification of measures in council housing and other functions within their remit
  • The Heat Trust, with whom we may share users’ addresses for the purposes of ensuring district heating connection measures are registered with the Heat Trust where required by ECO rules
  • Renewable Energy Consumer Codes, who assist us in the protection of consumers
  • The Home Insulation & Energy Systems Quality Assured Contractors Scheme, who assist us in the protection of consumers
  • Electricity Distribution Network companies, with whom we may share some registered user personal information to verify information you have provided for the purposes including, but not limited to, investigating suspected fraud
  • The government-endorsed quality scheme TrustMark who provide assurance, certainty and protection to homeowners and is responsible for the administration of the ECO technical monitoring. 

We will also share information where required to facilitate data matching for the purposes of the administration of the Green Homes Grant scheme; this will require your data to be shared with the scheme administrator, ICF Consulting Services Limited, and NotBinary.

We collect and process your information under the ‘Public Task’ legal basis for processing as part of our remit as the ECO administrator (UK GDPR, Article 6(1)(e)).

In some circumstances we will process special category data (e.g. information related to your health as evidence you are eligible for the scheme). In these circumstances, the processing will be based on a substantial public interest and carried out in accordance with the Ofgem Privacy policy document.*  In all other cases, we will tell you the condition upon which we are processing your special category data.

We would not be able to fulfil our obligations as the administrator of the ECO scheme without collecting your information.

*The Ofgem Privacy policy document explains how and why Ofgem collects, processes and shares special category data.

We may process your information for the purpose of conducting surveys. Where we do so, this is necessary for the purposes of legitimate interests pursued by us within the meaning of article 6(1)(f) GDPR. Where you agree to participate in a survey, we will also process your information based on your consent. Ofgem have a legitimate interest to understand our overall reputation among stakeholders and stakeholder’s expectations of Ofgem. Ofgem wish to understand perceptions of performance against strategic priorities, regulatory performance, and establish a baseline on these metrics for Delivery and Scheme participants. Ofgem also wish to use analysis of data to identify areas where engagement methods, systems and processes could be improved for customers and stakeholders in their experience with us.

Where you subscribe to our ECO newsletter, we also process sending you this on the basis of your consent (UK GDPR Article (6)(1)(a)). You can request to be taken off the distribution list at any time by clicking the unsubscribe link at the bottom of the newsletter, or by emailing: eco@ofgem.gov.uk

Your personal information collected under the ECO will be deleted when we no longer need it for our functions in administering the ECO, Carbon Emissions Reduction Target, Community Energy Saving Programme, Energy Efficiency Commitment, energy Efficiency Standards of Performance and the Government Electricity Rebate schemes. As such your personal data is retained by Ofgem for the duration of the scheme, and for a period of 7 years there after.

Information regarding measures linked to specific addresses will be maintained for up to 25 years following the closure of the scheme.

Any information you provide will not be transferred outside the European Economic Area. 

Where we use cloud processing to support our data processing, the servers are located within the European Economic Area. 

If we hold information about you, you have the right to:

  • be informed about the data we hold about you;
  • access the information we hold about you;
  • have your personal information corrected if it is incomplete or inaccurate;
  • ask us to restrict how we process your information;
  • object to certain ways we use your information;
  • in some circumstances, you may have a right to object to Ofgem processing your information;

To see the full suite of new consumer rights available to you under UK GDPR, please refer to the Ofgem Privacy Policy or the ICO website. The Ofgem privacy policy also provides information on how Ofgem processes personal data. 

If you would like to:

The Data Protection Officer

Ofgem

10 South Colonnade

Canary Wharf

London

E14 4PU

You have a right to complain to the Information Commissioner. If you want to raise a concern about how we have handled your information, you can report it directly to the Information Commissioner’s Office at the following address:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Telephone: 0303 123 1113

Online: Live chat

We keep our privacy policy under regular review. This privacy policy was last updated on 28 March 2025.

Decision - Wormington Compressor Emissions Final Preferred Option

Decision

Feed-in Tariff (FIT) levelisation report - October to December 2022

Transparency document

On this page

Controller