Notice

Energy Company Obligation (ECO) / Great British Insulation Scheme (GBIS): privacy notice

Updated 9 May 2024

Update 9 May 2024

An amendment was made to this notice to include that, for purposes of evaluation, householder’s personal data may be shared by energy suppliers with the Department. This will allow contractors to evaluate the initial stages of the customer journey provided to households before the measures are installed in their properties.

This notice sets out how the Department for Energy Security and Net Zero (the Department) will use your personal data for monitoring, evaluation and research to support public tasks related to the Energy Company Obligation (ECO) 4 Scheme and the Great British Insulation Scheme (GB Insulation Scheme).

This notice is provided to meet the requirements of the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (DPA), to provide transparency in how we process and use personal data and to inform you of your rights. This privacy notice has been created under Articles 13 and 14 of the UK GDPR.

The Department will receive personal data from energy suppliers, TrustMark and the Office of Gas and Electricity Markets (‘Ofgem’). The Department is a Data Controller in respect of the personal data we receive from energy suppliers, TrustMark and Ofgem.

Personal data

Within this privacy notice, ‘personal data’ refers to information that relates to an identified or identifiable individual and only includes information relating to natural persons who:

  • can be identified or who are identifiable, directly from the information in question
  • who can be indirectly identified from that information in combination with other information

This privacy notice applies to information we collect about:

  • householders/occupiers who will have energy efficiency measures installed under the ECO4 Scheme or GB Insulation Scheme, before the installation takes place
  • householders / occupiers who have energy efficiency measures installed under the ECO4 Scheme or GB Insulation Scheme
  • installers and other delivery partners who record project data carried out under the schemes via TrustMark’s Data Warehouse
  • people who contact the Department with a query or right of access request regarding the ECO4 Scheme or the Great British Insulation Scheme

Personal data will also be collected when you create a self-referral to energy suppliers through the Great British Insulation Scheme GOV.UK service.

Personal data collected by the Department through this method will be processed in accordance with a separate privacy notice.

The data

This information includes:

  • address at which the measure(s) will be or have been installed
  • the reason why the property was considered eligible for support under the scheme, such as
    • if a person at the premises is in receipt of eligible benefits (the Department will not receive any data on which benefit or its amount)
    • if the household has been referred through the LA/ Supplier Flex route of eligibility
    • council tax band
    • energy efficiency rating of the household
    • confirmation of tenure type including owner occupied, privately rented or social housing
  • installer name (for example sole trader name or company name), company location and registered office
  • property data, such as whether new or self-build, whether in a rural or urban area, property type such as house, flat, bungalow, etc
  • household characteristics, such as the insulation and heating measures the property housed prior to installation under the Schemes, alongside what measures have been installed at a property.

Householder names, email addresses, phone numbers and householder’s address will be received by the Department.

Purpose

The purposes for which we are processing your personal data are listed below.

1. Monitoring and evaluation of the ECO4 Scheme and the GB Insulation Scheme. Your personal data will be processed for activities including but not limited to:

  • monitoring  approved installations
  • monitoring delivery progress of the schemes
  • the publication of Official Statistics (personal data will not be published)
  • data analysis – the activity of carrying out statistical activities on your personal data, either in isolation or combined with other datasets
  • evaluation of the schemes – our external evaluation partners will receive names, email addresses, phone numbers and addresses of households from the Department, which they will then use to contact some households to offer them the opportunity to participate in surveys and interviews to help us improve the schemes
  • for the purposes of the prevention, investigation, detection, or prosecution of criminal offences including fraud
  • avoiding duplication of support with other schemes

2. For analysis, research and future policy development, your personal data will be processed for activities including but not limited to:

  • research for the development of future energy efficiency policies
  • data analysis – the activity of carrying out statistical activities on your personal data, either in isolation or combined with other datasets
  • conduct research and analysis to support related policies
  • linking – your data may be linked to other datasets in which your data is stored for evaluation, monitoring, and analytical purposes

The legal basis for processing your personal data is public task (Article 6(1)(e) UK GDPR). Processing is necessary for the performance of a task carried out in the public interest. The public task is set out in section 103B of the Utilities Act 2000.

In this instance, the schemes aim to support the installation of energy-saving measures to eligible households at reduced cost to householders, improving economic wellbeing of households reached by the schemes.

Another task which the Department needs to complete is an evaluation of the schemes. A proper evaluation of the schemes is required to assess the value-for-money of public spending, the extent to which the schemes have met their aims and whether they have resulted in the expected impacts. The Public Value Framework published by HM Treasury makes clear the necessity of evaluation to public policy (see paragraph 4.72).

In addition, the Department needs to monitor the schemes and how they are functioning, from an operational, financial and policy development perspective. This is done by producing official statistics and other analysis, some of which will be released publicly. The statistics provide transparent information on the schemes, for example, the number of recipients and approved measures.

Data sharing

For monitoring and research purposes, personal data may be shared by us with:   

  • Welsh Government
  • Scottish Government
  • Office for National Statistics (ONS)
  • other government departments and agencies as required for monitoring and research purposes, for example DEFRA (Department for Environment, Food and Rural Affairs), Department for Levelling Up, Housing & Communities (DLUHC), Department of Health and Social Care (DHSC), Cabinet Office, Prime Minister’s Office
  • HM Treasury (HMT)
  • the National Audit Office
  • any contractor or sub-contractor we appoint for undertaking monitoring or research activities

For evaluation purposes, your personal data may be shared by us with any contractor or sub-contractor that we appoint for undertaking evaluation activities as part of scheme evaluation. These contractors and sub-contractors will not have the right to share your data more widely without the Department’s permission. They will not use your data for purposes other than carrying out the evaluation of the schemes.

The Department will limit the sharing of your personal data to what is necessary and relevant. We will limit the data sharing to those who require it to undertake their contractual obligations in completing work as part of the research, evaluation or monitoring of the Scheme.

Your personal data will be stored on our IT (Information Technology) infrastructure hosted by our processors: Microsoft and Amazon Web Services. Neither party will have accessibility to your personal data.

Retention of data

Your personal data will be kept by the Department for no longer than 10 years to fulfil our functions in evaluating and monitoring the Scheme. Extracts of property-level data may be retained for wider statistical purposes alongside analysis and will be retained by the Department for up to 25 years.

International transfers

As your personal data is stored on our IT infrastructure and shared with our data processors Microsoft and Amazon Web Services, it may be transferred and stored securely outside the UK. Where that is the case, it will be subject to equivalent legal protection through an UK adequacy decision, the use of Standard Contractual Clauses or a UK International Data Transfer Agreement.

Your rights

You have the right to:

  • request information about how your personal data is processed, and to request a copy of that personal data
  • request that any inaccuracies in your personal data are rectified without delay
  • request that any incomplete personal data are completed, including by means of a supplementary statement
  • request that your personal data are erased if there is no longer a justification for them to be processed
  • in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted
  • object to the processing of your personal data

We will not use your data for direct marketing purposes.

To exercise your rights please contact the Data Protection Officer using the contact details below.

International transfers

As your personal data is stored on our IT infrastructure and shared with our data processors Microsoft and Amazon Web Services, it may be transferred and stored securely outside the UK. Where that is the case, it will be subject to equivalent legal protection through an UK adequacy decision, the use of Standard Contractual Clauses or a UK International Data Transfer Agreement.

Contact details

The controller for your personal data is the Department for Energy Security and Net Zero (DESNZ). You can contact the DESNZ Data Protection Officer at:

DESNZ Data Protection Officer
Department for Business, Energy and Industrial Strategy
3-8 Whitehall Place
London
SW1A 2EG

Email: dataprotection@energysecurity.gov.uk

Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is a UK independent regulator. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Email: icocasework@ico.org.uk
Webpage: Make a complaint
Telephone: 0303 123 1113
Textphone: 18001 followed by 0303 123 1113

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Updates to this notice

If this privacy notice changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it, and under what circumstances we will share it with other parties. The ‘last updated’ date at the bottom of this page will also change.

If these changes affect how your personal data is processed, we will take reasonable steps to let you know.

Last updated: 9 May 2024