Using your personal information
Your personal information (referred to as personal data) is information which, on its own or in conjunction with other information we may have access to, can be used to identify you and to provide you with appropriate products and services. This policy sets out how we collect, store, share and use the personal information we already hold about you and any we may obtain from you or from a third party in the future.
Our Data Protection Officer (DPO) provides help and guidance to assist us in meeting our obligations and to ensure we protect the data we hold about you. If you have any questions about how we use your information our DPO can be contacted by writing to:
Data Protection Officer
Windmill Hill Business Park
We take your privacy seriously and take appropriate steps to protect the personal information we collect from you and to make sure that your personal information is kept secure and only used in line with this policy.
In addition you have certain rights. See the section on “Your rights” and how our Individual Rights team can help you. If you have any other questions about this policy feel free to contact us using the details set out in section 13.
2. Who is npower and how can you contact us
We are what is known as a controller of the personal information we collect and use about you. When we refer to “we”, “us”, “our” we mean npower and its group companies and consist of the following companies:
npower group company
The current npower group includes the following companies.
E.ON UK plc and the companies owned by E.ON UK plc who provide energy and related products and services (“E.ON”) following the acquisition by E.ON’s parent company, E.ON SE, of a majority shareholding in the parent company of the npower group, innogy SE.
- innogy SE
- Npower Group Limited (company number 8241182)
- Npower Commercial Gas Limited (company number 3768856)
- Npower Limited (company number 3653277)
- Npower Gas Limited (company number 2999919)
- Npower Northern Limited (company number 3432100)
- Npower Northern Supply Limited (company number 2845740)
- Npower Yorkshire Limited (company number 3937808)
- Npower Yorkshire Supply Limited (company number 4212116)
- PS Energy UK Limited (9850654)
The address and registered office of E.ON is Westwood Way, Westwood Business Park, Coventry, CV4 8LG.
The address of innogy SE is Opernplatz 1, 45128 Essen, Germany.
The address and registered office of the other companies in the npower group is Windmill Hill Business Park, Whitehill Way, Swindon, Wiltshire, SN5 6PB.
As our products and services may be provided to you by different companies within our group it may be that your personal information is passed to the relevant group company or companies. You can find out more about npower on our website or about E.ON on the E.ON website.
3. What information we collect about you
We need to ask you to provide certain personal information depending on the products and services we provide to you. It may be obtained directly from you when we speak to you or via our website or App if you complete an online form/application or from another third party organisation or person.
We’ll tell you if providing that information is optional including where we may require your consent to use your information for specified purposes.
We will collect information about you and other members of your household as requested by our online sign up process, over the phone or through any forms that you may complete. We collect the following to assist us in setting up and managing your account and to verify who we are dealing with (which may include collecting information about a landlord where they become our customer for the period where there is no tenant responsible for the supply to the premises):
- Full name (including title).
- Age/date of birth.
- Home address (which may include your previous home addresses if you have lived in your current address for less than 2 years or a billing address if different from the supply address).
- Phone number, mobile number and email address (which may include home and work phone numbers as well as home and work email addresses depending on how you wish to be contacted).
- Bank account details. If someone else has agreed to pay your bills then we will record their details instead of yours on your account.
- If you pay by credit or debit card you will be asked to enter your details directly into a third party Payment Card Industry (PCI) compliant provider’s systems (by phone, online or via an App), who will process your payments and tell us the amounts paid so that they can be allocated to your account. We will never see or hold these details on your behalf.
- The provider’s we currently use are Avaya (phone), Netbanx (online) and Payzone (Smart meter pre-pay via npower’s App).
- Financial details (e.g. salary, benefits) to assess your ability to pay.
- Meter details such as the meter serial number, MPAN or MPRN.
- Gas and electricity usage (via meter reads provided by you or our agents or taken remotely if you have a fully working Smart meter).
- Ethnic origin and physical (such as disabilities, critical illness) or mental health.
- Details about benefit entitlements.
We may also collect
- Information about your property’s characteristic (for example its age, number of bedrooms) if you have requested energy efficiency advice or want to compare your energy usage with other properties similar to yours.
- Occupier details (for example the number of people living in the property) for assessing things like vulnerability and providing you with appropriate products and services or extra assistance.
- Information about other products and services that you have with us so we can target our communications with you more effectively.
From you about other people
- If you provide information on behalf of anyone else then in doing so you must ensure that you have explained how their information may be used by us and they have given you permission to do so.
- If you have provided any special category data (such as health related information) about others you must ensure that the person who the information is about agreed (unless relating to a child for whom you are legally entitled to act) that we can use the information as set out in this policy. This may happen because you are acting as the representative on the customer’s behalf or because someone who is living with you requires additional support that we are able to offer.
From third parties
- Industry organisations who are involved in your gas or electricity (or both) supply like distribution and network companies, meter equipment owners, meter readers, other energy suppliers as well as from industry organisations who operate and maintain databases on behalf of the industry to assist (for example) in the change of supply process.
- Other industry organisations like network operators or transporters (who may also share information provided to them by water companies in line with agreed industry processes) about your individual circumstances (for example health related issues) to make us aware that you may require additional support and to enable us to see if you are eligible to be added to our Priority Services Register.
- Landlords or letting agents who own or manage your home and who provide your details so we can set up an account in your name or from third party agents like switching sites (brokers) who you authorise to carry out your switch to us.
- Agents like meter readers (who check your meter to see if it is safe, obtain a read so we can bill you or assist in sorting out meter issues) or debt collection agents or other service providers who are contracted by us to provide services to you on our behalf.
- Credit reference or fraud prevention agencies in relation to your repayment history or your credit rating which may include public information about bankruptcies or county court judgments against you.
- Credit reference or fraud prevention agencies and other publicly available information (see below) to identify you if you have not told us who you are (i.e. your account is set up in the name of an “occupier”) or we need to trace you or people linked to you because you owe us money.
- Publicly available sources like the electoral register or phone directories (for example 192.com) or from the Land Registry or Companies House or social media to verify your information or to trace you if you have moved without paying your bill.
- Other companies or organisations (e.g. data brokers) where they have an appropriate legal basis to provide your information to us for commercial gain so we can check the accuracy of the information we hold about you and update or add any information that may be missing e.g. your contact details to your account.
- Your Smart meter in relation to your energy consumption information from either agents appointed on our behalf or from the industry organisation set up to do so (once they are in a position to do so). See the section on “Use of Smart energy data” for more details.
- Credit reference agencies and other external data sources and other companies we may partner with to create models based on previous promotions to see what products and services to offer you.
- Other companies where you have given them your consent to share your personal information with us to market our products and services to you.
- Other companies or organisations where you have given them your consent to share your personal information with us so we can see if you are eligible for additional financial assistance.
- Other companies like energy comparison sites or brokers where you sign up to our products and services through their websites or contact centres.
From our website or our mobile App
From Call Line Identification
- We automatically collect details of the phone number you use when contacting us. If we do not already hold this information we may add the number to your account once we have taken appropriate steps to validate it as being yours.
From internal systems
- We record information like your phone number, email address etc. via various online forms and interactions we have with you on our internal systems. Where appropriate we may take information that is held on one system e.g. Tallyman (used in the debt process) or Once (used in the complaints process) and carry out an internal data quality exercise where we consolidate that information and (where validated) add it to your main customer account (unless you have objected to us doing so and we have not been able to demonstrate we have an overriding interest to continue to use that information).
Keeping your information up to date
You need to let us know if your details (like your name, email or phone number) change so that we can keep that information up to date. You also should let us know if your circumstances change as you may be eligible for additional support.
We will keep copies of other correspondence or communication you have with us whether written or sent by email or text or provided in the completion of “contact us” or feedback forms on our website or App or posted via social media (Twitter or Facebook etc.) as well as recorded telephone calls (we will always let you know when we record your calls), online web chats or recorded as a result of a visit to your home. We will also record any comments you make to us in free text fields so that we have a record of what you have told us.
4. How we use your personal information – the legal basis and the purposes
We can only use your personal information where that is permitted by data protection laws. Those laws require that where we use your personal information we must satisfy one condition (legal basis) for processing. The legal bases are consent, to comply with our legal obligations, to perform a contract, if it’s in our legitimate interests and for special category data (health) we may rely on consent, vital interests and public task as applicable to the purposes we are processing that information for.
Set out below are the different legal bases and the types of processing we carry out:
Legal basis for processing
Where you have provided consent we will rely on that to process your information for the purposes set out at the time that the request for consent was made.
You can change that consent at any time (either by withdrawing it or giving your consent where you previously hadn’t). The consequence of withdrawing your consent might be that we are no longer able to do certain things for you.
See the section on “Your rights relating to the personal information we hold about you” then “Right to withdraw consent”.
Processing activities (purposes)
You are asked to do this before using our website/App. If you refuse consent or you later remove it you may affect our ability to provide the services you want.
To provide you with marketing information (including by phone, text message, email, via your online account and via your Smart in home display) about products and services (including third party products and services) which we think may benefit you in your everyday lives (if you have agreed to receive such information).We ask for consent when you sign up with us but you can change your mind at any time.
We may ask you to participate in market research (such as surveys, participation in focus groups etc.) to help improve the way we provide our services and products that we are able to make available to you – if you agree your feedback is given with your consent.
Smart meter half hourly energy use
If you have a Smart meter installed at your property, we will only collect details of your half-hourly energy usage if you have given us your consent to do so.
You agree to the disclosure
If you request us to disclose your personal data to other people or organisations such as to a relative to deal with your account on your behalf or to a person or organisation who has agreed to pay your bills or to company dealing with a claim on your behalf or you otherwise agree to such disclosures (for example to a charity providing you with debt assistance).
When we process any special categories of personal information at your request (e.g. your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation).
If you elect to either go on our Priority Services Register (which is a set of services that may be available to you or to people who may be living with you where, due to your (or their) health, age or some temporary reason (for example a bereavement) additional assistance may be required) or you agree for us to record details of your health etc. (information about your circumstances) we need your consent to do so.
If you consent we will use that information to assist us in providing the priority services you have requested (if any), managing your account so we are aware you may need additional help and support (for example having a bespoke debt pathway), for internal performance review, analysis, reporting and audit purposes (both internally and to report to Ofgem) to ensure our compliance with our obligations and to improve our services to you. We may share your information about your circumstances with with agents and service providers (like metering companies) who carry out services on our behalf.
If you agree we may also share your information with energy distributors and transporters (who may then share that information with water companies in line with agreed industry processes) so they can tailor their services to help you e.g. if there is a loss of power or water supply.
Legal basis for processing
We may need to share information about your circumstances with third parties because we believe you or someone else’s life is in imminent danger.
This will be assessed on an individual basis and we will not share information unless we really believe there is a serious risk.
Processing activity (purposes)
Whether or not you are registered on PSR referred to above if you are in danger of being cut off and we believe you may need extra help we may record information about your circumstances.
You or a member of your household may need this extra help as a result of your (or their) health, age, disability or financial circumstances (we assess and record who may require extra help as a result of their circumstances) to assist you or them and ensure you or they stay on supply.
Legal basis for processing
Special category data and public task - processing activity (purposes)
Where we process special category data about you (e.g. health data), we may rely on the substantial public interest involved as an additional condition for processing that data.
We may process your data in this way and share it with other organisations in situations where we know you require additional assistance and either we, industry organisations like transporters and distribution network operators (who may then share that information with water companies in line with agreed industry processes) or another supplier need to process your data so we/they can offer or continue to offer you appropriate services to meet your needs and to ensure you remain on supply.
If we process your data under this condition we will act in a way that’s proportionate.
Legal basis for processing
Performance of our contract with you to provide products and services or to take steps at your request prior to entering into that contract
The information described above will be provided to us by you because you want to engage with us or take our products and services.
Our use of your information will be governed by your contract terms. It is up to you if you provide it but if you do not it may affect the products and services you want.
Processing activity (purposes)
- To provide you with a quote (which may include making an assessment of your credit worthiness by automated decision making to decide which products and services and payment methods are most suitable for you).
- To help us identify you so we know who we are talking to and authenticate the information you provide for security purposes. We may check against information we already hold about you as an energy supplier and potentially publicly available information such as social media.
- To set up and manage your account including processing and collecting payments, recovering debts, analysing your account history and improving our service to you.
- Sending you service messages such as account notifications and communications such as price and other terms and conditions changes.
- To supply you with any products or services you have asked us for such as the supply of gas or electricity (or both), which may include passing your details on to third parties and partnerships to fulfil offers or cashback to you.
- To enable you to access our website or App (including your online account if you have one) to use our services.
- To set you up in the appropriate industry systems based on agreed industry processes when you change your supply to or away from us including obtaining meter reads, resolving metering disputes etc.
- To measure your gas or electricity use (or both) and to work out your bills.
- To assess health and safety, environmental and financial risks to you.
- To provide and improve customer support.
- To resolve complaints and query resolution.
- To train our staff and monitor our services. This may involve us recording our conversations with you or keeping copies of our correspondence with you to make sure we are providing you with a good service and are keeping to our legal and regulatory obligations.
Legal basis for processing
As necessary to fulfil a legal obligation
This is where we are required to do something by law, regulatory requirement or by way of a court order.
Processing activity (purposes)
- To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance, and audit.
- To help prevent and detect debt, theft, fraud or loss of gas or electricity (or both) including preparing and sending reports to the entity contracted to run the Theft Risk Assessment Service. See the section headed “Theft and Fraud Prevention”.
- To comply with legal and regulatory requirements including those set out in the relevant gas and electricity Acts, our licence conditions and industry codes which govern how we operate.
- To comply with orders made by the Court where we may be required to disclose information about you.
- To provide certain information to Ofgem as regulator for the energy industry either as part of an investigation by them or as part of request for information or as part of an audit of our services.
- If you have a Green Deal plan to manage the collection of the monies you owe to the relevant Green Deal provider and to update the industry parties and industry database as appropriate in line with agreed industry processes.
- For demand forecasting and settlement in so far as is required to meet our industry requirements.
- To relevant law enforcement agencies or government agencies where we have been asked to provide the information for legal or regulatory reasons (if we receive a legitimate request for the information).
- To assist you if you exercise your legal rights under data protection law.
- For the establishment and defence of legal rights.
- To verify your identity, make credit fraud prevention and anti-money laundering checks.
Legal basis for processing
As necessary for our own legitimate interests
This is where we use your personal information for our normal business purposes where the benefits of doing so are not outweighed by your fundamental rights or freedoms.
You have a right to object to this type of processing. See the section on “Your rights relating to the personal information we hold about you” then “Right to object”.
Processing activity (purposes)
- To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance, and audit.
- To help prevent and detect crime such as fraud and money laundering where this is not covered by our legal requirements and we are processing your personal information to help reduce the cost of this activity being spread across all customers by way of increased prices.
- To contact you with service messages that are not strictly necessary for the performance of our contract but we believe will assist you and will improve our service to you unless in each case (with the exception of service messages or online notifications via your online account (if you have one) which you are required to receive as part of having an online account), you tell us you do not wish to receive such service messages, notifications and communications by those means and you are not required to receive them as part of the product and/or services you have signed up to.
- To use your information for marketing purposes so for example we can see what products and services may be of interest to you.
- To provide you with advertising about our products and services which we think may benefit you in your everyday lives, using the internet and digital media technologies provided by third parties such as Facebook and Google. You can opt out of such marketing purposes by changing your settings on Facebook or Google or by contacting us.
- To assist in debt prevention and debt recovery which may include tracing where you have moved to and identifying who is responsible for taking supply where such processes go beyond what is strictly necessary for the performance of our contract with you.
- For demand forecasting and settlement to assist us in purchasing energy more efficiently.
- To resolve complaints and query resolution which go beyond strictly performing our contract with you.
- To carry out credit checks or otherwise assessing your credit worthiness.
- To carry out performance reviews, monitoring, modelling and analysis, reporting, profiling, auditing, market research (where the analysis is carried out by third parties who do not provide us with your details unless we have your specific consent to do so and may extend beyond energy usage to include aspects of your lifestyle, payment history etc.) and statistical analysis to assist us in ensuring we can comply with legal and regulatory requirements (including those set out in our licence conditions and industry codes) as well as to help improve the way we provide our services and the products that we are able to make available to you.
- To test systems to help improve the way we provide our services and the products that we are able to make available to you.
- To monitor emails, calls, other communications, and activities on your account.
- To carry out data enrichment to help us ensure the information we hold about you is accurate and up to date and to assist us in being able to contact you (which may involve purchasing data from someone else like a data broker or using publicly available sources like the Land Registry or the electoral register).
- To take contact information like phone numbers or email addresses that are held on our internal systems e.g. Call Line Identification (used when you call in to us), Tallyman (used in the debt collection process) or Once (used in the complaints process) to carry out an internal data quality exercise where we will consolidate that information and (where validated) add it to your main customer account to ensure that we hold accurate and consistent information about you to assist in contacting you in relation to your account.
- To report to and pay our referral partners such as telesales and broker websites like uswitch.
- Web analytics to analyse and better configure our website and App.
- To take part in government or industry initiatives (for example to tackle fuel poverty, improve energy efficiency or other social or consumer interests).
- Whether or not you are registered on PSR referred to above if you are in danger of being cut off or we believe you (or someone who lives with you) may need extra help we may record a generic vulnerable marker (not going into any specific details about you or them).
- You or a member of your household may need this extra help as a result of your (or their) health, age, disability or financial circumstances (we assess and record who may require extra help as a result of their circumstances) to assist you o or them and ensure you or they stay on supply.
- We will use it to assist us in providing the priority services you have requested (if any), managing your account so we are aware you may need additional help and support (for example having a bespoke debt pathway), for internal performance review, analysis, reporting and audit purposes (both internally and to report to Ofgem) to ensure our compliance with our obligations and to improve our services to you.
- We may share information about your circumstances with agents and service providers (like metering companies) who carry out services on our behalf. We may also share the fact you are potentially vulnerable (providing no special category data) with industry organisations like transporters and distribution network operators (who may then share that information with water companies in line with agreed industry processes) so that they are aware you may need additional assistance and can offer you appropriate services in case, for example, of a loss of power or water supply.
- If you have a display unit with your Smart meter, we may send messages (for example, general energy-efficiency messages) direct to it, unless you let us know at any time that you do not want to receive such information.
- If you have a Smart meter to record your daily Smart meter energy use unless you have told us otherwise (see the section on “Use of Smart energy data” below).
5. Who we share your information with
We may give your personal information to others in connection with the purposes set out above, including to the following:
- Agents and service providers (including IT service providers who host our databases) to support our business who may have access to our systems and data in order to provide services to us and/or to you on our behalf. For example we outsource some of our customer services activity (such as call handling, metering services (which includes meter readers who visit your property to read, inspect or replace your meter(s)), debt collection), and use fulfilment companies to send out our service and marketing communications to you. In addition we work with companies who process payment vouchers and take payments on our behalf (for example the Post Office, Payzone and PayPoint) as well as passing on your information to third parties and partners to fulfil promotional offers and cashback you have asked for.
- Agents and service providers acting on our behalf to carry out profiling, modelling and analysis, market and customer research, statistical analysis and the testing of our systems to help improve the way we provide our services and the products that we are able to make available to you. These agents and service providers include creative agencies, professional user experience testing agencies and search engine optimisation agents. We do not provide personal information unless it is specifically required for the services they are providing.
- Our legal and professional advisors including our auditors.
- Our processors and sub-processors who are involved in the hosting, development and testing of our IT systems.
- Other members of the npower group of companies as we may benefit from large IT infrastructure and expertise that exists within our business. This means that your personal information may be accessed for support and administration purposes.
- Relevant industry organisations and agencies, based on agreed industry processes who are involved in your gas or electricity (or both) supply like distribution and network companies, transmission companies, meter equipment owners, meter readers, other energy suppliers, as well as industry organisations (such as xoserve and Gemserv) who operate and maintain databases on behalf of the industry to assist (for example) in the change of supply process and Smart DCC Ltd, who manage the data and communications network connecting Smart meters to ourselves and other industry suppliers, or the collection of green deal payments or the provision of industry data analytics to improve or enhance the energy efficiency in the energy market and/or to improve or enhance the efficiency of our operations compared to other energy suppliers.
- Credit-reference agencies such as Experian (see the section headed “Credit Reference Agencies” below).
- We share information with the industry appointed TRAS Fraud Prevention Agency (being the organisation appointed on behalf of the energy industry as required under energy suppliers licence conditions to provide a service to all UK energy suppliers to facilitate the prevention, detection and any subsequent investigation of energy theft) and other interested parties such as Ofgem, other energy suppliers, landlords, housing associations, fraud prevention agencies and other organisations (such as the police) involved in crime and fraud prevention who may also use this information (see the section on “Theft and fraud prevention” below).
- The police, other relevant law enforcement agencies, regulators, public bodies such as local and central authorities (including government agencies/departments) where we have been asked to provide the information for legal or regulatory reasons (such as prosecuting offenders, assessing or collecting tax, investigating complaints or assessing how the energy sector is working) for example by a lawyer or Ofgem or to the Information Commissioner (if we receive a legitimate request for the information).
- If you do not pay a debt, we may ask debt recovery agents to pursue that debt on our behalf or we may transfer your debt to another organisation and give them details about you and that debt or we may use a credit reference agency or fraud prevention agency to trace you if you have not provided your contact details or a forwarding address so that we can recover your debt or we may pass your details on as part of current or future legal action.
- We may share limited information we hold about you (for example your email address) with third parties such as Facebook and Google that also hold your information or have an existing online relationship with you in order to identify you as our customer and to enable us (or third parties on our behalf) to provide you with relevant marketing/service messages online via the third parties sites.
- Other companies and organisations who can enhance or match the data we hold about you with additional information and insights which enable us to understand you better and to plan marketing activities.
- Other companies and organisations like data brokers (who provide information for commercial gain (subject to having the appropriate legal bases to do so)) to match the information we hold with the information they have access to so that we can verify your details for example your name, address, phone number and where relevant update or add any information that is missing to your account.
- For regulatory purposes to Ofgem (or any organisation which takes over Ofgem's role) or directly to an agent acting on their behalf, or as part of a government data-sharing initiative for example ones aimed at helping people who cannot afford to pay for their heating and electricity. They may pass that information to other agencies to be analysed or for other purposes relevant to their request or investigation.
- We may share information about your circumstances with Social services, and with medical and healthcare professionals or other similar support agencies and provide this information to other energy suppliers in line with the Energy UK “safety net procedures” if you decide to change supplier. We may also share this information with the relevant gas transporter, or network operator (either of whom may then share that information with water companies in line with agreed industry processes) or metering agents.
- We may share information with the Department of Works and Pensions, and organisations like Charis Grant, Fuel Direct, StepChange and Christians Against Poverty if you have agreed to us doing so to see if you are eligible for additional financial support.
- We may share information with Members of Parliament, journalists or Citizens Advice if you have asked them to assist you in dealing with a complaint.
- If an organisation takes over all (or nearly all) of our business or assets, we may pass your personal information to them and we may pass details of any debt you may have with us to your future service provider.
- To someone other than you who is connected with your account for example if you have provided a delegation of your authority or a power of attorney to a partner, relative or a friend to allow them to assist you in dealing with your account or to a person or organisation who has agreed to pay your bills.
- You if you make a request to obtain a copy of your information (see the section “Your rights relating to the personal information we hold about you”).
6. Theft and fraud prevention
- We share information on a regular basis (including occupier details, property type and consumption data) and may (where relevant) share details of how frequently you top up your prepayment meter (if at all), for as long as you have an account with us, with the industry appointed TRAS Fraud Prevention Agency (including their sub-contractors (if any)) who will use that information and that of other customers (whether or not supplied by us) to check public and other databases they hold or have access to so that they can profile geographical, behavioural and other similar trends for the purpose of theft and fraud risk assessment and to generate leads based on that analysis which they will pass on to us for the purpose of preventing and detecting the theft of energy and the prosecution of offenders (“theft leads”).
- The TRAS Fraud Prevention Agency will hold this information and may provide it to other energy suppliers (where you have an energy account with them) or to Ofgem and other industry bodies in accordance with agreed industry processes and the information may continue to be used even following termination of this agreement where you are supplied by a different supplier.
- We may use and record any information we have collected as well as any theft leads received from third parties including the TRAS Fraud Prevention Agency to (where relevant and appropriate) detect, investigate, pursue (including prosecute) and prevent (in so far as possible) theft and fraud.
- If we suspect or confirm that you have committed fraud or stolen energy by tampering with your meter or interfering with supply we will record this information on your account and where appropriate will share the information with the TRAS Fraud Prevention Agency who may also retain a record of the information. We may use this information to assist us in making decisions about your payment arrangements and the products and services we offer you in the future.
7. Credit reference agencies
We have set out below how we may share your personal information with credit-reference agencies and how they may record and use your personal information:
- In order to process your application (for example when you apply to take supply from us or you move home), we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”) as well as using information we already hold about you for internal credit risk and debt management and to help us assess your ability to pay. Where you take products and services from us we may also make periodic searches at CRAs to manage your account with us.
- To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
- We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your closed accounts. We record your current balance and how you manage your account and may share this information for each type of fuel that you are supplied with by us with CRAs. If you owe us money and when requested do not repay in full and on time we may share this information with CRAs. This information may be supplied to other organisations (like banks, other utility companies, companies who offer you credit to purchase goods) by CRAs which may affect your ability to obtain credit.
- If you set up an instalment plan or some other form of payment arrangement with us to repay a debt (including paying off a debt through a prepayment meter) then a payment arrangement flag may be recorded on your credit file. We may record such a flag whether you are a current customer with us or one who has left us to go to another supplier and your account is closed with an outstanding debt that remains to be paid. This information may be supplied to other organisations (as described above) by CRAs and may affect your ability to obtain credit.
- If we consider that your account is in default (i.e. you have not paid us and are in breach of your agreement with us or you are making ‘token’ payments towards your debt) we will notify you and if you do not pay us we will report the unpaid debt to CRAs who will record that default on your credit file. This information may be supplied to other organisations (as described above) by CRAs and may affect your ability to obtain credit.
- We will use information we receive from CRAs along with information we already hold about you to:
- Assess your creditworthiness and whether you can afford to take the product and/or services;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud and money laundering;
- Manage your account(s);
- Trace and recover debts;
- Ensure any offers provided to you are appropriate to your circumstances;
- To assess your ability to pay versus financial risk to decide on the appropriate debt recovery activity and the application of debt recovery fees (in line with guidance on ability to pay from Ofgem) including sending you timely service messages and/or contacting you by telephone if it looks like you are or are about to get into payment difficulties.
- When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other organisations (like banks, other utility companies, companies who offer you credit to purchase goods).
- If there are people who are associated with your account for example you tell us that you have a spouse or financial associate, we may share separate records for each individual, so you should make sure you discuss this with them, and share with them this information, before making your application or providing their details (for example adding them as a person who has authority to act on your behalf in relation to dealing with your account). CRAs will link your records together and these links will remain on your and their files until such time as you or your partner or financial associate etc. successfully files for a disassociation with the CRAs to break that link.
- We may also use information obtained from CRAs where you have failed to tell us that you are the owner and/or occupier of the property we supply. In the event that the CRAs are able to positively match your details from their search of information from other companies, the electoral register etc. then we will use that information to follow our internal processes to take steps to set up an account for that property using the details provided by the CRAs. Before we do so we will contact you and provide you with the opportunity to correct any information we have obtained. Where it is clear that you are the owner/occupier of the property and taking energy supply we will set the account up in your name and record the current balance and share that with CRAs. If you owe us money and when requested do not repay in full and on time we may share this information with CRAs which may affect your ability to obtain credit.
- The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in the Credit Reference Agency Information Notice (CRAIN). CRAIN is accessible from each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document:
- Transunion www.transunion.co.uk/crain;
- Equifax www.equifax.co.uk/crain;
- Experian www.experian.co.uk/crain.
- If you would like to see what information the CRAs hold about you, you can contact those currently operating in the UK. The information they hold may not be the same so it is worth contacting them all. They will charge a small statutory fee.
8. Use of Smart energy data
From the date your Smart meter is installed or the date we notify you we are able to utilise the functionality of a Smart meter that a previous supplier fitted, or from the date we take over your supply and your Smart meter functionality is already available to us (as appropriate), we will use the Smart energy consumption data for the purposes set out in this policy.
We will use the Smart energy consumption data we obtain remotely for the following purposes depending on what level of Smart energy data you have chosen:
|How your Smart energy data will be used||Monthly||Daily||Half-hourly||How collecting your energy usage more often can help|
|To produce bills based on actual reads reducing the need to estimate your bills.|
|To provide information and feedback to you about your energy consumption and how you could manage your energy usage better and save money (this won’t include using your Smart energy data for marketing purposes unless you’ve already agreed that we can).||The more tailored the feedback can be.|
|To track trends in energy consumption and analyse your energy data and compare it over time with other customers’ usage so we can develop tailored products and services for you (this won’t include using your Smart energy data for marketing purposes unless you’ve already agreed that we can).||The more tailored the products and services we can offer to meet your specific needs.|
|To calculate your energy usage and any debt or credit accrued.|
|To provide energy usage for industry purposes in line with industry regulations.|
|To identify and fix faults or issues with your meter more quickly.||The easier it will be for us to identify issues with the meter at an earlier stage.|
|To provide you with interactive tools to analyse your energy consumption through your online account or through communications we may send to you for example to provide you with energy saving advice.||The more detailed and tailored the analysis will be.|
|To help us forecast demand for energy.||The more efficiently and accurately we can do this meaning we can purchase wholesale energy at the best price.|
|To give you tailored advice and recommendations on how to reduce the amount of energy you use based on your specific energy usage.|
|To carry out internal reporting, modelling and analysis to understand our customers better.||Provision of daily and/or half hourly energy usage will give us a more detailed view of our customers and how they use energy to help us understand our customer needs better, help improve the way we provide our services and the types of services we offer as well as enabling us to develop the right types of products for our customers.|
Monthly is the minimum level of data we are allowed to take for billing and regulatory purposes. If this is the level of Smart energy data you select we are also allowed to take ad hoc daily meter reads to maintain accurate billing where we need to send you a bill after changes to your account (for example if you move home or change your energy product), if we need to use the data to resolve a query or a complaint from you or if we think your Smart meters have been damaged or been compromised in any way. Daily meter reads will help us understand the meter’s recent activity so that we can diagnose and resolve the problem.
Unless you tell us you wish to opt out (object), not only will we collect your monthly energy data as set out above, we will also collect your Smart energy data on a daily basis. If you would prefer us not to collect this level of energy data daily you can let us know at any time by logging in to your online account (if you have one) and going to the “Profile” page or by calling us on 0800 980 9907 (generally free from most landlines). If you have hearing or speech difficulties and use a minicom or textphone, you can contact us on 0800 413 016.
Subject to this section (see “Additional Smart energy data use requirements” below), if you permit us to, not only will we collect your monthly and daily energy data as set out above, your energy data will be measured every half hour. The data will only be collected by us once a day (during a daily download of that data from your Smart meter).
- We will discuss the purposes for which your Smart energy data may be used in greater detail with you either when you contact us, or we will get in touch with you prior to your Smart meter being installed, or when you transfer your energy supply over to us, so that we gain your explicit consent for us to collect and use your half hourly data. Your half hourly Smart energy data will not be collected and used by us unless we get your consent to do so.
- To discuss your options or change what level of energy data we collect, please call 0800 980 9907 (generally free from most landlines) or, where you just want to make a change, by logging in to your online account (if you have one). You can change your mind about the use of your data whenever you like – but we are allowed to take monthly energy usage for the purposes set out above so that we can service your account.
- If you decide that you want to change the level of Smart energy data that you want us to collect that change will not be reflected at a meter level for up to 2-3 days from the date that you contacted us and the Smart energy data for that period either may still be available to us and to you or may not be available to us or to you until your meter is updated depending on whether you were increasing or decreasing the level of energy data you want to have access to.
Additional Smart energy data use requirements
- If you have a Smart meter in your property it is your responsibility to tell us if you move home. It is essential that you tell us in advance of that move taking place so that we can arrange for your Smart energy data to no longer be available to any new occupier via the Smart energy display in your home. If you fail to let us know then we may be unable to prevent your energy data being available to the incoming owner/occupier of the premises. This may also have an impact on the availability of the new occupier's data to them as we will only be able to prevent access to your data from the date that you let us know that you have moved and that may include some data for the new customer if you have moved out and they are already living in the premises.
- If you are a landlord you must notify us when your tenants move in or out. It is essential that you tell us in advance of that move taking place so that we can arrange for the previous tenants’ Smart energy data to no longer be available to any new occupier via the Smart energy display in your property. If you fail to let us know then we may be unable to prevent the previous tenants’ energy data being available to the incoming owner/occupier of the property. This may also have an impact on the availability of the new occupier’s data to them as we will only be able to prevent access to the previous tenants’ data from the date that you or the new occupier lets us know that the previous tenants have moved and that may include some data for the new customer if the previous tenants have moved out and the new customer is already living in the premises.
- We are able to provide you with up to 24 months' (or the period we have been your supplier whichever is the shorter) of Smart energy consumption data as long as it is available from your Smart meter. A Smart meter is only able to store a limited amount of data so if you, for example, change your level of consent to enable us to collect more than monthly energy data then we will only be able to provide you with any retrospective information at that new level of energy data use if it is still available from your Smart meter.
- It may not be possible to purge (remove) all your energy data from the systems once it has been collected. If requested we will stop processing that data unless we have a legal or regulatory right to continue to use the data to deal with your account.
- If you are the landlord or owner of the property we supply and are also the bill payer but you do no live at the property, we may only be able to provide you with Smart energy consumption data that is necessary to enable us to meet our contractual and legitimate responsibilities/functions to be carried out (such as billing and tariff comparison) are shared with you. We may be able to provide you with more granular Smart energy consumption data if you provide us with your tenants details so that we can contact them, provide them with the purposes for which we will use their Smart energy data and seek their consent to provide you with more granular Smart energy data.
- If you are the account holder for electricity, and not the account holder for gas (or vice versa) at a premise we supply, both of you will have access to the SED and will be able to see how much energy you are using, the tariff you have agreed with us and the cost of that energy.
- If your property has multiple meters (for example because you have converted two flats which have separate meters into one) then the level of Smart energy data use you agree to will be the level of Smart energy data use that will apply to all the meters in your premises. We may need to discuss your level of Smart energy data use and how your Smart meter operates if your Smart meter is set in prepayment mode.
- If you also have an export meter and we are the supplier to whom your energy is exported then any level of Smart energy data use you have set for your import (supply) meter will apply to your export meter.
9. Automated decision making and profiling
We sometimes use your personal information in automated processes to make decisions about you such as credit scoring. We may also use an automated process to create a profile of you. Automated decision making involves processing your personal information without human intervention to evaluate things like your financial situation, personal preferences, interests or behaviour for example in the payments you make to us or other providers or where we may wish to send you more targeted marketing communications.
- Credit scoring
We use automated profiling to create a profile of you so we can predict your credit worthiness based on your financial profile. To do this we use information you give to us, information we obtain from credit reference agencies as well as internal information relating to how you have used other products and services we provide to you. We analyse this information to create a “scorecard” and assess you against that to see how likely you are to pay your debts. We use the results of that processing to decide on what types of products and service to offer to you and whether we require a security deposit. In carrying out that processing we are relying on the legal basis we are taking steps to enter into or perform a contract.
- Profiling for marketing
We want you to get the most relevant information about products and services we think may be of interest to you at the right time. The most effective way for us to do this is to use automated processes to create a profile of you for marketing.
To do this we use information you give to us, information we obtain in relation to how you have used other products and services you have with us, your feedback (if any) as well as information we have obtained from credit reference agencies and other external data sources like Experian who provide us with customer insights.
We use an analytical program that collates the information we hold and analyses it to create models based on previous promotions to decide what products and services to offer to you and to prioritise the marketing messages you receive by; assessing your eligibility, how likely they are to be useful for you; and deciding how likely you are to respond. This information is not used to make any specific decisions about you as an individual.
- Business processes
Many of our business processes are automated to help us interpret policies correctly and make decisions fairly and consistently about you and to speed up our customer service and make our products and features more relevant to you. These processes often lead to automated decisions being made.
However, all the activity above is carried out on the legal basis of our legitimate interests and either involve human intervention in the decision making or do not introduce legal or other similarly significant effect on you as our customer in what we are doing (unless this is a necessary step to take when entering into a contract with you). You have a right to object to these automated decisions.
We take the security of your personal information very seriously and operate to the standards required by law to protect it against unlawful or unauthorised processing. We train our staff to protect your personal information and check your details when you contact us. We maintain data security by protecting the confidentiality, integrity and availability of your personal information so only those people who are required to access it are able to do so and those staff receive training to ensure they know how to handle your personal information in an appropriate manner.
Whilst we put in place appropriate measures the internet and electronic means of communication are not secure and you use those to communicate with us or to receive services from us at your own risk. You must ensure you keep any account and login details and passwords secure and do not disclose them to anyone. Please ensure that you log out of your account and close your browser when you have finished.
We use a third party service provider to help maintain the security and performance of our website. To deliver this service it processes the IP addresses of visitors to the website. We use a Secure Socket Layer (SSL) protocol that provides a secure encrypted connection between you and us (the information is decrypted or put back into readable format when it reaches its destination). When you visit our website you may move in and out of secure areas. If you are requested to provide credit/debit card or bank details or any personal information to sign up to our products and services you will be in a secured area.
11. Transfers outside the UK and safeguards
Although we are based in the UK we also may pass your personal information to service providers, agents and subcontractors based in countries outside the UK. We are permitted to transfer personal data outside of the UK to countries within the European Economic Area (EEA) as they are governed by the same basic rules and are deemed to have adequate safeguards.
We may also transfer data outside of the EEA. For example we outsource some of our customer and IT services to organisations based in India, the USA and South Africa.
These countries may not have the same level of data protection as we operate in the UK. To make sure we keep your information secure we apply strict safeguards when transferring and processing your information outside of the EEA. We will only transfer your personal information:
- to countries approved by the European Commission as having appropriate data protection laws to ensure an adequate level of protection for your personal information such as Canada, New Zealand; or
- where we have put in place our own measures to ensure an adequate level security as required by data protection law. These measures include ensuring that your personal information is kept safe by carrying out strict security checks on our oversees agents, service providers etc. backed by strong contractual undertakings approved by the relevant regulators for example the EU style Model Clauses. Visit the ICO website ico.org.uk and search for “international transfers” for more information; or
- to a member organisation approved by the European Commission as having a suitable level of data protection for example the EU-US Privacy Shield which covers transfers to the US. Visit www.privacyshield.gov for more information.
If the UK exits the EEA without a withdrawal agreement (a “No-Deal” Brexit), we will continue to transfer personal data to countries within the EEA and to those countries that the European Commission has already deemed to provide adequate safeguards (including utilising the EU-US Privacy Shield) on the basis that they are also deemed to provide adequate safeguards by the British government. If we do not exit the EEA (Article 50 is revoked or delayed) or we exit with a withdrawal agreement then the position remains as set out above.
12. Retention periods (whether or not you become a customer)
We use the following criteria to determine the appropriate data retention periods for your personal data:
- We’ll keep your information for as long as we need it to provide you with the products and services you have signed up to.
- We’ll keep your personal information for as long as is necessary to deal with any queries or to resolve any disputes.
- We’ll keep your personal information for as long as we might legally bring a claim against you or defend a claim made by you.
- We’ll keep your personal information for as long as we might need to do so to meet our legal and regulatory requirements (for example for tax purposes, reporting to Ofgem, to meet our licence condition obligations etc.).
- We’ll keep your personal information after you are no longer a customer and your account has been closed based on our legal and regulatory requirements.
After you are no longer a customer of ours we will retain your information for 6 years unless we require it for longer to meet our legal and regulatory requirements (for example you are in dispute with us or still owe us for energy you used whilst you were our customer). However, the reasons we need to keep your personal information can vary from one piece of information to the next and may vary in relation to the different products and services you have signed up to so the length of time we keep your information for may also vary. Any information that is no longer required for any purposes will be disposed of by an appropriate means.
13. Your rights relating to the personal information we hold about you
You have the following rights in relation to how we deal with your personal information. However, in some cases where you ask us to correct, delete or stop processing your personal information we won’t always be required to do so. If we believe that is the case we will explain why.
- Right to withdraw consent – if you’ve given us consent to process your personal information you have the right to withdraw that consent at any time by utilising the available unsubscribe options to marketing emails or texts or by making changes to your preferences in your online account (if you have one) or contacting us on 0800 073 3000 (generally free from most landlines). If you have hearing or speech difficulties and use a minicom or textphone, you can contact us on 0800 413 016. We're available Monday to Friday from 9am to 5pm.
- Right to be informed – you are entitled to be told about the collection and use of your personal information. This is achieved by this policy which set outs what data we collect, how we use it and who it is shared with etc. along with giving you appropriate “just in time” notices when we collect your information at different points in time through your dealings with us be that on the phone, by letter, via our online journeys etc.
- Right to object to processing based on it being in our legitimate interests – where we rely on this legal basis to process your data (i.e. that it is fair to use your personal information either in our interests or in someone else’s interests where there is no disadvantage to you (as opposed to any other ground)) you have the right to object to us using your personal information for those purposes. We do not have to stop processing your personal information if we can show that it is in our overriding interests to carry on processing your personal information and it will not cause you unjustified harm. In making this assessment we will balance our interests against yours.
- Access to your personal information – you are entitled to see the personal information that we hold about you at any time so you are aware of and can verify the lawfulness of how we are using it. If you write to, email or phone us and ask to see this information, it is known as a 'subject access request' or “SAR” for short. If it is not clear who we are dealing with or we are unsure precisely what you are asking for we may need to ask you to provide some additional information. We will not charge a fee unless your request is manifestly unfounded or excessive (particularly if it is repetitive) when we may charge you a reasonable fee for obtaining your information based on the administrative costs of providing it.
- Erasure (also known as the right to be forgotten) – you have the right to have personal information deleted where it is no longer necessary for us to use it, you have withdrawn consent or we have no lawful basis to keep it.
- Rectification – you can ask us to change or complete any inaccurate or incomplete or incorrect personal information that we hold about you.
- Data portability – you can ask us to provide you or a third party with some of the information we hold about you in a structured, commonly used electronic form so it can be easily transferred.
- Restriction – you can ask us to restrict the personal information we use about you where you have asked it to be erased or you have objected to our use of it.
You may exercise any of the rights set out above by:
- Writing to: npower – Rainton House, Individual Rights Team, PO Box 177, Houghton–le-Spring, DH4 5OZ; or
- Calling: 0800 073 3000 (generally free from most landlines). If you have hearing or speech difficulties and use a minicom or textphone, you can contact us on 0800 413 016. We're available Monday to Friday from 9am to 5pm.
- Right to complain: If you are unhappy about the way we handle or use your personal information please write to us at Data Protection Officer, npower, Legal Department, Trigonos, Windmill Hill Business Park, Whitehill Way, Swindon, SN5 6PB and we will do our best to resolve your complaint. If you wish to make a complaint about any other matter please see the details on how to complain as set out in the Standard Terms section on “Service Levels and Complaints” or find out how to make a complaint on our website.
If you’re still unhappy and you do not believe we have resolved your complaint you have the right to contact the Information Commissioner’s Office (ICO). They are the supervisory body that regulates how personal data is handled in the UK. If you go to them before you have contacted us they may ask you to get in touch with us first to see if we can help you and resolve your complaint before they will investigate it.
The ICO can be contacted through their website, by phone on 0303 123 1113 or by post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
14. External links from our website and App
15. Website and App search engine
16. Webchat service
We use third party providers IMImobile and IBM, to supply and support our Webchat service, which we use to handle customer enquiries.
You can obtain a transcript of your Webchat session using the chat tool or by requesting it from an advisor as part of your conversation.
17. Apple Business Chat
We use third party providers IMImobile and IBM, to supply and support our Apple Business Chat service which you can use to raise customer enquiries with us.
Only you can initiate the conversation. We will be provided with an opaque identifier for you which the npower agent who picks up your messages uses to associate you with your npower customer account. The messages will be stored so that should you come back via this or another messaging channel your conversation history is retained. This information will be retained for three years and will not be shared with any other organisations.
We will not receive your phone number, email address (unless you provide them to us as part of the chat), or iCloud account information. When you chat via Apple Business Chat, Apple receives a Business Chat ID associated with your Apple ID. You remain in control of whether you want to communicate. Deleting a Business Chat conversation removes it from your Messages app and gives you the option to block us from sending further messages to you.
Messages sent to us are individually encrypted between your device and Apple’s messaging servers, and Apple’s messaging servers decrypt these messages and relay them to us over TLS (Transport Layer Security). Our replies are similarly sent over TLS to Apple’s messaging servers, which then re-encrypt the message to your device. As with iMessage, messages are queued for delivery to offline devices for up to 30 days.
18. WhatsApp messaging
We use third party providers IMImobile and IBM, to supply and support our WhatsApp messaging service which you can use to raise customer enquiries with us.
Only you can initiate the conversation. We will be provided with an opaque identifier for you, which the npower agent who picks up your messages uses to associate you with your npower customer account. The messages will be stored so that should you come back via this or another messaging channel your conversation history is retained. This information will be retained for three years and will not be shared with any other organisations.
We will also receive the phone number you used to register with WhatsApp but no other personal information (unless you provide it to us as part of the chat). It will not automatically be added to your customer account but could be added as part of a data cleanse exercise carried out by us. When you chat via WhatsApp, they will receive the phone number associated with your WhatsApp ID. You remain in control of whether you want to communicate. Deleting a WhatsApp chat conversation removes it from your WhatsApp app and gives you the option to block us from sending further messages to you.
Messages sent to us are individually encrypted between your device and WhatsApp’s messaging servers, and WhatsApp’s messaging servers decrypt these messages and relay them to us over TLS. Our replies are similarly sent over TLS to Apple’s messaging servers, which then re-encrypt the message to your device. As with WhatsApp, messages are queued for delivery to offline devices for up to 30 days.
19. Virtual Agent Service
We use third party providers IMImobile and IBM Watson to supply and support our Virtual Agent Service which is our virtual assistant tool to enable you to interact with us when you contact us.
Only you can initiate the conversation. We will generate an opaque URN that will allow the npower agent who picks up your messages to associate you with your npower customer account. The messages will be stored so that should you come back via this or another messaging channel your conversation history is retained. This information will be retained in the IMImobile platform for three years. IBM Watson also store the conversation history for a period of 30 days for usage and performance reporting.
When you chat with our Virtual Agent you can ask frequently asked questions (FAQs) and simple questions which are not account specific. If the chatbot is unable to answer your query you will be referred to an npower agent. If you have specific account related questions then you will be taken through the npower identification and verification process where you will be asked questions to confirm your identity and to verify that you are who you say you are. You will be asked a number of questions for example your first and last name, account number, address, etc. Once you have passed the npower identification and verification process you will be able to ask specific account related questions to the Virtual Agent.
Messages sent to us by you are encrypted in transit using TLS 1.1 and 1.2. Our replies are similarly encrypted in transit before they reach your device.
npower support teams and IBM and IMI technical support teams may (on rare occasions) be able to access your chat conversation history to identify any problems with our service and to provide enhancements and bug fixes. However there are controls and measures in place to ensure that access is restricted and is only available in limited circumstances to authorised users.
20. Online payments
21. Mobile application (App)
We have deactivated our mobile App so its functionality is no longer available. If you still have it on your device, please can you ensure you delete it as soon as possible.
22. People who contact us via social media
23. Visitors to our websites and use of our App
Like most websites and Apps, we use "cookies" - small text files that are saved to your device. We test different versions of the App and the website before we finalise changes to ensure that any improvements make it easier to use. Cookies help us to track how a user progresses through sections of the App and our website that we are testing.
More details about cookies, how we use them and how you can disable them can be found on our cookies page.
25. Data retention and managing your information on our website and App
26. Updates and changes to this privacy notice
This notice was updated in February 2021 (clarifying that we have deactivated the App but will continue to use any information you provided through it to manage your account) and it replaces any previous policies we may have provided to you. We regularly review it and we can update it at any time so it is a good idea to check it from time to time to see if anything has changed. If we make any significant changes to this policy or to how we use your personal data we will contact you to let you know about the change and where appropriate ask for your consent.