Notice

Use of electricity meter data and associated personal data collected through the Non-Domestic Alternative Fuel Payment Scheme: privacy notice

Updated 12 April 2023

Applies to England, Scotland and Wales

This notice is provided to meet the requirements of the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA) to provide transparency in how we process personal data for the Non-Domestic Alternative Fuel Payment (ND-AFP) Scheme in Great Britain, and your rights. It is made with reference to articles 13 and 14 of the GDPR.

Your data

We will collect and process the following personal data related to each electricity meter eligible for the ND-AFP in Great Britain:

• Meter Point Administration Number (MPAN) – a unique reference number that identifies a particular electricity meter
• postcode
• whether the MPAN has received an Alternative Fuel Payment
• data about each meter (for example whether the meter is a on-domestic meter or a domestic one, or whether the meter is active or not)
• data about how the meter point is billed (for example billing cycle, payment type)

Purpose

We are processing this data:

• to determine eligibility of organisations for receiving the ND-AFP support
• to enable the Department for Energy Security and Net Zero (DESNZ) to monitor the progress and operational delivery of the ND-AFP. This includes monitoring the reach of the scheme across regions and vulnerable groups
• to conduct financial checks on suppliers carrying out ND-AFP payments, including for assurance and the prevention, investigation, detection, or prosecution of criminal offences including fraud
• to check against applications made by customers who do not receive the ND AFP automatically from their energy supplier, if needed
• to allow DESNZ to evaluate the scheme to understand its impact and to inform future government policy

Legal basis of processing

Processing is necessary for the performance of a task carried out in the public interest, under Article 6(1)(e)) of GDPR and in the exercise of official authority vested in the Secretary of State for DESNZ. The specific public task is to set up and oversee delivery of the ND-AFP Schemes including to allow for monitoring, assurance, fraud prevention and evaluation.

Sources

We will use datasets regarding MPANs provided by the Retail Energy Code Company and Electricity Central Online Enquiry Service (ECOES), and Xoserve data which provides a list of GB postcodes where there is no active gas meter point connection. These datasets will be used as necessary, to meet the purpose required. We will also collect these personal data from electricity suppliers.

Recipients

These data are being used by DESNZ and will be shared with DESNZ contractors (and if applicable their sub-contractors) where required for the delivery of the work that DESNZ contracts out. These datasets will also be shared with electricity suppliers in Great Britain where required for the delivery of the ND-AFP. Data may also be shared with Ofgem, for the purpose of enabling Ofgem to monitor and enforce compliance.

We may share your name and address with a contracted provider to contact you in writing to conduct research and evaluation about the service so we can deliver the scheme effectively and analyse the impact of the scheme. Any research is voluntary, and you would have the right to withdraw at any time using the contact details provided by the contracted provider at the time of the research request.

We will not:

• sell or rent these data to third parties
• share these data with third parties for marketing purposes
• collect other forms of data than those specified, such as individuals’ names

We may share these data if we are required to do so by law, for example by court order or to prevent fraud or other crime.

Retention

We will only keep these data for as long as required to support the evaluation and scrutiny of the ND-AFP, as is in the public interest. These data will be securely deleted no later than 7 years after collection in line with our department policy. We recognise that this maximum retention period is longer than energy suppliers will hold this data, which reflects the additional purposes for which DESNZ is collecting and processing this data.

Automated decision making

These personal data will not be subject to automated decision making.

Security

We are committed to doing all that we can to keep these data secure. We will protect this personal information against unauthorised access, unlawful use, accidental loss, corruption, or destruction.

We use technical measures such as firewalls and password protection to protect these data and the systems they are held in.

We limit access to this information to employees, agents, contractors and other third parties with a business need to know. They will only process this personal information in accordance with our instructions and are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected data breach and will notify you and the Information Commissioner’s Office as required.

International transfers

These personal data will be processed in the UK.

As these personal data are stored on our IT infrastructure, they may be transferred and stored securely in the UK and European Economic Area. Where this personal data is stored outside the UK and EEA, it will be subject to equivalent legal protection through the use of model contract clauses.

Your rights

You have the right to request:

• information about how these personal data are processed, and to request a copy of that personal data
• that anything inaccurate in these personal data is corrected
• that any incomplete personal data are completed
• that these personal data are erased if there is no longer a justification for them to be processed

You can also:

• in certain circumstances (for example, where accuracy is contested) request that the processing of these personal data is restricted
• object to the processing of these personal data

To exercise any of your rights contact the Data Protection Officer.

Updates to this notice

We will update this page if the way we handle your personal data changes in any way. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it, and under what circumstances we will share it with other parties. If we update the content, the date at the top of this page will change and the detail of the change will be available in the Latest updates section. If these changes affect how your personal data is processed, we will take reasonable steps to let you know.

Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner’s Office
Email: icocasework@ico.org.uk
Contact form
Telephone: 0303 123 1113
Textphone: 01625 545 860

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Contact details

The data controller for your personal data is the Department for Energy Security & Net Zero (DESNZ).

Contact the DESNZ DPO:

DESNZ Data Protection Officer
Department for Energy Security and Net Zero
3-8 Whitehall Place
London
SW1A 2EG

Email dataprotection@energysecurity.gov.uk

Updates

12 April 2023

Amended to include information on sharing data with contracted providers for research and evaluation purposes.