Privacy Notice and Cookies Policy
About ESB Energy
ESB Energy Limited is the UK retail division of the Electricity Supply Board (ESB). ESB currently supplies electricity, gas and energy services to households and businesses in the UK and Ireland. For purposes of data protection law, the “data controller” is ESB Energy Limited.
We respect your privacy
This privacy notice applies to the use of personal data by ESB Energy. It explains what information we collect, how we use it, who we share it with and how we protect it. It also details the rights available to you in relation to how we hold and use your personal data, how to exercise those rights, and what to do if you require more information or wish to make a complaint. This privacy notice applies to all personal data we hold, irrespective of any relationship with us. For example, we may hold information about current customers, previous customers, prospective customers and competition entrants.
Why we collect your Personal Data
We collect your personal data so that we can manage our relationships with you. Activities that we require personal data for include:
• Performance and maintenance of a supply contract
• Provision of other services
• Improving our existing products and services
• Developing new services
• Responding to requests and providing information
• A range of other activities which we are obliged to undertake, or which we have gained consent to complete We ensure that the information we collect is appropriate to the purposes for which it is obtained.
Security of your Personal Data
We keep our computer systems, files and buildings secure by following legal requirements and international security guidance. We make sure that our staff, and anyone with access to personal data that we are responsible for, is fully trained on how to protect personal data. We ensure that our processes clearly identify the requirements for managing personal data and that they are up to date. We regularly audit our systems and processes to ensure that we remain compliant with these policies and legal obligations.
Types of Personal Data we may hold and where it comes from
At ESB Energy, we recognise the importance of personal data entrusted to us. We may collect and hold a range of information about you. Examples of the types of information we may hold includes:
- Information about you and your premises; this includes contact information and personal security information that you have provided to us, to help us correctly identify you when you contact us.
- Contact details for you that we have received from the previous resident at an address that you are moving to in order to facilitate continuity of service. - Contact details for you that we have received from a price comparison websites where you have indicated a desire to switch to our services.
- Bank account or credit card details that you have shared with us in order to pay for services we have provided. - Information about your current and past use of electricity and/or gas.
- Information about how you use other products and services that we supply.
- Information about your interactions with us.
- Information provided by you when you take part in competitions we organise.
- Information about customers’ special requirements where continuity of energy supply is critically important.
- Recordings of telephone conversations between you and our customer support teams. We collect most of this information directly from the individuals that we interact with, when they contact us in writing, by telephone or electronically (by email, using our website or on social media). Some information is collected as a result of individuals using our services, or interacting with us. We may also obtain information about individuals from external parties, such as price comparison websites.
How long we keep data
Information collected by us will be held for as long as it is required to fulfill the purpose it was collected for and to protect our business and our rights. We are required to keep certain types of information for a specific period of time in order to comply with legal requirements. The length of time we keep any part of your personal information will depend on the type of information and the purpose for which it was obtained.
How we may use Personal Data
We use personal data so that we can, in accordance with our customer contracts, provide our services and perform general account management. In addition we may also use personal data in some of the following ways:
• Providing requested information about our products and services
• Setting up new accounts and billing arrangements
• Monitor product (Electricity/Gas or other offerings) usage • Generating and sending invoices • Monitoring payment activity and managing debt
• Discussing and responding to requests for information or general account queries • Running loyalty and reward programmes you have signed up to
• Analysing account and payment activities to help identify alternative, or more appropriately tailored price plans and payment schedules that could be offered
• To enable us to comply with any legal or regulatory requirements
• To protect or enforce our rights or the rights of any third party
• To provide limited account information to other energy suppliers in the event of a customer switching supplier
• In the detection and prevention of fraud and other crime
• For the purpose of safeguarding someone’s vital interests, national security, responding to statutory obligations or requests from the courts and enforcement authorities
Activities that require your consent
In order for us to carry out certain activities using your personal data, we may need to ask for your consent. For example, in order to allow us to make contact with you via email or SMS to make you aware of new products that may be of interest to you, we need you to have provided us with prior consent to do so. When consent is being requested, we will provide options such as the choice of whether we may contact you by phone, post, email, text or through other digital media. Where we require consent, we will explain why and provide sufficient information to allow you to make an informed decision. When we receive consent to perform such activities, that consent may be withdrawn at any time by contacting us.
Should there be any reason for us to collect sensitive personal information (e.g. medical data), we ask for consent to collect it. Before consent is given, we explain what information will be collected and what we will use it for. Again, this consent can be withdrawn at any time by contacting us.
Who we share information with
We may share your personal data with, or disclose your personal data to, the following categories of third party:
• Energy market participants: as a participant in the UK energy market, we are required by the Office of Gas and Electricity Markets (Ofgem) to provide some limited account information to other energy market participants when a customer is switching energy supplier.
• Agents or suppliers: these are persons or companies we have contracts with to provide products or services that we use in conducting our business, including managing our relationship with our customers. In many cases, they will be within the European Economic Area (EEA) but in some cases they may be outside of the EEA. We will only share or disclose to these parties the information that they need in order to provide the products or services, and will require those parties to ensure that the information is always adequately protected.
• Professional advisers: we may share or disclose personal data to professional advisers we may engage for any reasonable purpose in connection with our business, including assistance in protecting our rights.
• Other external bodies: in certain circumstances, we may be required by law to disclose personal data to external bodies, such as local councils, government departments or the UK Police force. In these cases, we will only disclose the minimum amount of information required to satisfy our legal obligation. However, once the information is disclosed, we will not be able to control how it is used by those bodies.
How to contact us
The collection and use of your data by ESB Energy is overseen by the ESB Group Data Protection Officer. If you wish to contact our Data Protection Officer, you can email firstname.lastname@example.org or via post at Data Protection Officer, ESB, Two Gateway, East Wall Road, D03 A995, Dublin 3, Ireland.
How we address your rights
As ESB Energy captures, stores and processes your personal information in order to carry out a range of services and activities, you have a range of rights available to you to give you confidence that your information is appropriately managed. The rights that you have available to you include:
Gaining access to and copies of your personal data: you are entitled to receive, on request and free of charge, a copy of all your personal data that we hold. There are some limitations to this right. For example, if the data also relates to another person and we do not have that person’s consent, or if the data is subject to legal privilege. Where there is data that we cannot disclose, we will explain this to you.
Ensuring that your data is accurate: our aim is to ensure that the data we hold about you is correct and up to date. From time to time we may contact you to verify the information that we hold. You may also contact us to correct any errors that you notice.
Granting or Removing consent: where we require your consent for any processing, for example, to provide you with direct marketing communications, we will clearly explain what the consent is for, and any consequences of giving or refusing consent, and will provide that consent can only be given by way of a positive action by you. We will also ensure that you are able to withdraw any such consent at any time.
Restricting processing of your data: you have the right to request us to restrict the processing of your personal data in certain circumstances, for example, if there is a dispute over our rights to carry out specific processing activities, or where you do not want us to delete data. We will respond promptly to your request and will provide an explanation if we cannot fully comply.
Deletion of your data: in certain circumstances, you may have the right to have some or all of your personal data deleted from our records. This is sometimes referred to as the “right to be forgotten”. This may occur if, for example, we retain data which is no longer required by us, or if you withdraw a consent. If you continue to have a relationship with us, we must retain the data we need to manage this relationship. We will respond promptly to your request, and provide reasons if we object to the deletion of any of your personal data.
Moving your data: where it is possible for us to provide it, you have the right to receive a digital copy of the personal data that you have provided to us.
International Transfers of Data: in certain circumstances, we may transfer your personal information internationally, including outside of the European Economic Area (EEA). Should we do this, we ensure that all transfers are made in accordance with data protection law and that your data it will be given an equivalent level of protection that it has when it is being managed in the UK.
How to make a complaint
If for any reason you have a complaint about our use of your personal information, or you are unhappy in any way with the information we provide to you, we would like you to contact us directly so that we can address your complaint. You can contact us via our customer support centre on 0345 6070 372, by email at email@example.com or by postal mail at Data Protection Officer, ESB, Two Gateway, East Wall Road, D03 A995, Dublin 3, Ireland. You may also contact the Information Commissioners Office on 0303 123 1113, by emailing through their website at https://ico.org.uk/global/contact-us/email/ or by postal mail at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Changes to our privacy notice
We will occasionally update this privacy notice. We will post a notice of any material changes on our website prior to implementing the changes, and, where appropriate, notify you using any of the contact details we hold for you for this purpose. We encourage you to periodically review this notice to be informed of how we use your information.
What is a cookie
A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. Cookies make it easy for websites to collect precise user-specific information about their visitors. This generally makes it simpler for you to navigate the web and enjoy a personalised experience. Many cookies do essential jobs. For example, authentication cookies identify who you are when you try to log into an account. Other types of cookies enable you to shop online, storing items as you add them to your virtual shopping basket.
Types of cookies
Cookies can be either temporary (session cookie) or permanent (persistent cookie). Session cookies are stored in your device’s temporary memory – not on your hard drive – while you’re browsing a website. Usually these cookies are deleted when you close the browser. If you were to reopen the browser and revisit the website, the site would not ‘remember’ that you had visited previously. Session cookies remain active only until you leave a site. Persistent cookies remain stored on your hard drive, persisting from session to session until you delete them or they reach a set expiration date. Persistent cookies can store information such as log-in details, bookmarks, credit card details and preferred settings and themes - resulting in a faster and smoother web journey.
How to control cookies
You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
The cookies we use on our website can be grouped into four different categories. Strictly necessary cookies: are essential in order to enable you to navigate around our website and use its features. Without these cookies, we would be unable to provide you with the services you have asked for. Functionality cookies: allows our website to remember choices you make and help to provide an enhanced, more personal experience on our website. Performance cookies: helps us improve our website and our online services. These cookies gather information about how our site is used, including which pages are visited most often. This helps us to provide a better user experience. These cookies are anonymous – which means that they won’t collect information to identify you. Targeting & Advertising cookies: are used to help us better understand our advertising campaigns and how we can make these more relevant to you. These cookies are also anonymous, they won’t collect information to identify you. Our website can send cookies to your web browser if your browser's preferences allow it. Many websites do this whenever a user visits their website in order to track online traffic flows. ESB Energy’s website, including the customer account portal, requires cookies to be enabled in order for the service to function properly. If you disable cookies, you may not be able to avail of some of our online services. If you use the website without changing your settings, we’ll assume that you are happy to receive all cookies on the ESB Energy website.
ESB Energy Webchat Services
Please note that if you are accessing our webchat via a Firefox internet browser, our GDPR notification is currently not appearing. We are currently working on resolving this issue.
Page updated: May 2018