Powershop privacy policy.
Using your personal information.
This is the privacy policy for Powershop and only applies to customers who have left Powershop and not moved over to E.ON Next.
We would encourage you to read this policy thoroughly so you know how we use your information, who we share it with as well as understanding your rights. We are committed to collecting and using your information fairly and in accordance with the requirements of data protection law.
Privacy Notice
This notice covers how we will handle and process personal information we obtain about individuals collected by Npower Limited and PS Energy UK Limited (“we”, “us” or “our” for short).
This notice is in addition to your Powershop standard terms and conditions for supply of electricity and gas.
Please note that this privacy notice only covers the supply of energy by Powershop to its customers under the Powershop brand. The npower group are not covered under this notice. Any visits to the Powershop website or the npower websites are covered by their own privacy policy and permitted use.
Updated: December 2020
Introduction
This notice sets out how we collect and handle your personal information such as when you purchase products and services from us, when you see our online customer portal and mobile app, and when you contact us, how we store and use it, and how you can access and manage this information.
Our Data Protection Officer (DPO) provides help ad guidance to assist us in meeting our obligations and to ensure we protect the data we hold about you. We take your privacy seriously and take appropriate steps to protect the personal information we collect from you and to make sure that your personal information is kept secure and only used in line with this notice.
Our group and your products and services
We are what is known as a controller of personal information we collect and use about you. When we refer to “we” “us” “our” we mean PS Energy UK Limited trading under the name of Powershop (who will provide all the services to you other than electricity/gas which is supplied by Npower Limited and Npower Gas Limited who are the official gas and electricity licence holders and providers of corporate services to PS Energy UK Limited). Your data may be shared with our group companies however this is limited to sharing that is necessary in relation to products and services that are provided by those companies or where necessary for support and administration purposes
We are what is known as a controller of personal information we collect and use about you. When we refer to “we” “us” “our” we mean PS Energy UK Limited trading under the name of Powershop UK (who will provide all the services to you). Products and services may be shared within subsidiary group companies, these include Npower Limited and Npower Gas Limited (as the official gas and electricity licence holders and providers of certain corporate services to PS Energy UK Ltd). Products and services may be shared within subsidiary group companies. Your data may also be shared with our group companies in order to provide you with relevant products and services and/or to operate our business efficiently.
Npower group company
PS Energy UK Limited is part of the npower group of companies.
The current npower group includes the following companies:
E.ON UK plc and the companies owned by E.ON UK plc (including E.ON Next Energy Limited company number 03782443) who provide energy and related products and services (“E.ON”) following the acquisition by E.ON’s parent company, E.ON SE, of a majority shareholding in the parent company of the npower group, innogy SE
Npower Group Limited (company number 8241182)
Npower Commercial Gas Limited (company number 3768856)
Npower Direct Limited (company number 3782443)
Npower Limited (company number 3653277)
Npower Gas Limited (company number 2999919)
Npower Northern Limited (company number 3432100)
Npower Northern Supply Limited (company number 2845740).
Npower Yorkshire Limited (company number 3937808)
Npower Yorkshire Supply Limited (company number 4212116)
PS Energy UK Limited (9850654)
The address and registered office of E.ON and EON Next Energy Limited is Westwood Way, Westwood Business Park, Coventry, CV4 8LG
The address of innogy SE is Opernplatz 1, 45128 Essen, Germany.
The address and registered office of the other companies in the npower group is Windmill Hill Business Park, Whitehill Way, Swindon, Wiltshire SN5 6PB.
You can find out more about Powershop at privacy notice or about E.ON or E.ON Next at eonenergy.com/privacy
So, what personal information do we collect about you?
We need to ask you to provide certain personal information depending on the products and services we provide to you. It may be obtained directly from you when we speak to you or via our website or mobile App or from another third party or organisation or person.
We will tell you if we may require your consent to use the information for specified purposes.
From you:
We collect information directly from you as requested by our signup process online or over the phone and contact forms you may complete. For example, we collect the following to assist us in setting up your account and to verify who we are dealing with (which may include collecting information about a landlord where they become our customer for the period where there is no tenant responsible for the supply to the premises):
Full name (including title), age/date of birth.
Home address or a billing address if different from the supply address and previous address if you have lived in the property for less than 2 years.
Phone number, mobile number and email address.
Bank account details as well as credit or debit card details if you pay through those means.
Meter details such as the meter serial number, MPAN or MPRN.
Gas and electricity usage (via meter reads provided by you).
Medical health conditions or other vulnerabilities.
Information about your property’s characteristics (for example its age, number of bedrooms) if you have requested energy efficiency advice or want to compare your energy usage with other properties similar to yours.
When you use a debit or credit card online or to make payments online your debit card or credit card information is transmitted using Secure Socket Layer (SSL) protocol, this encrypts your information. Your information will be provided directly to a PCI (payment card industry) compliant third party acting on our behalf such as Mastercard who we use to process the payments for you. We may collect your bank details for similar reasons –these will be held securely by us and wherever possible we will only display the last four digits of your account number. We will only ever collect your credit/debit card and bank account details when you are in a secure area of our website/App. On the website you can see that you are in a secure area if you can see a closed padlock or “https” at the top of your screen. On the App we display a padlock symbol on the “continue” button after you start a payment journey.
Financial details (e.g. salary, benefits) to assess your details to pay.
We may also collect:
Occupier details (for example the number of people living in the property) for assessing vulnerability and providing you appropriate products and services.
Information about other products and services that you have with us so that we can target out communication with you more effectively.
From you about other people:
Medical health conditions or other vulnerabilities about others in your household.
If you provide information on behalf of anyone else, then in doing so you are confirming that you have explained how their information may be used by us and they have given you permission for us to do so.
If you have provided any sensitive information about yourself or others (such as health related information) you agree (and are confirming that the person who the information is about agreed) that we can use the information as set out in this notice. This may happen because you are acting as the representative on the customers behalf or because someone who is living with you requires additional support that we are able to offer.
From third parties:
Industry sources who are involved in your electricity supply (such as your distributor, meter equipment owners and meter readers), or who can enhance and/or verify information you have provided (such as direct debit verifications and meter discovery verifications) other energy suppliers as well as from industry organisations who operate and maintain databases on behalf of the industry to assist (for example) in the change of supply process.
Other industry organisations like network operators or transporters (who may also share information provided to them by water companies in line with agreed industry processes) about your individual circumstances (for example health related issues) to make us aware that you may require additional support and to enable us to see if you are eligible to be added to our Priority Services Register.
Credit reference or fraud prevention agencies in relation to your repayment history or your credit rating which may include public information about bankruptcies or county court judgments against you.
Credit reference or fraud prevention agencies and other publicly available information to identify you if you have not told us who you are (i.e. your account is set up in the name of an “occupier”) or we need to trace you or the people linked to you because you owe us money.
Agents like meter readers (who check your meter to see if it is safe to obtain a read so we can bill you or assist in sorting out meter issues) or debt collection agents or other service providers who are contracted by us to provide services to you on our behalf.
Publicly available sources like the electoral register or phone directories (for example 192.com) or from the Land Registry or Companies House or social media to verify your information or to trace you if you have moved without paying your bill.
Other companies or organisations (e.g. data brokers) where they have an appropriate legal basis to provide your information to us for commercial gain so we can check the accuracy of the information we hold about you and update or add any information that may be missing e.g. your contact details to your account.
Landlords or letting agents who own or manage your home and who provide your details so we can set up an account in your name or from third party agents like switching sites (brokers) who you authorise to carry out your switch to us.
Other companies like energy comparison sites or brokers where you sign up to our products and services through their websites or contact centres.
Social Media providers such as Facebook, Instagram and Twitter providers where we interact with you via social media.
Your smart meter in relation to your energy consumption information from either agents appointed on our behalf or from the industry organisation set up to do so (once they are in a position to do so). See the section on “Use of Smart energy data” for more details.
Other companies or organisations where you have given them your consent to share your personal information with us so we can see if you are eligible for additional financial assistance.
From our Public Website:
We collect certain data automatically from your visit to our website Powershop or our mobile App to help us understand how you are using it, track and administer it and diagnose problems.
Secure Customer Platform (web and mobile app):
We and our processors (and our sub-processors such as, but not limited to, Crashlytics and Raygun) receive information such as your IP (internal protocol) address your npower select account number, consumer number, email, name property address, MPAN, MPXN, meter serial number and crash-specific-information (e.g. for a failed payment, any personal information you put in banking reference fields and payment amounts). We use this information to allow us to help understand how you are using npower Select to track and administer the platform and diagnose bugs, incidents, crashes and other problems.
We will receive additional information when the mobile app crashes. As part of the crash report Apple and/or Google Play (depending on your phone operating system) receive basic device information (such as device model and operating system version) and the version of the mobile app you are using. The mobile app also provides the ability to send a detailed crash report from your installed email client- you have to explicitly opt in to do this and can fully review the report before you send it to us.
In addition to standard mobile permissions (for example access to the internet in order to be able to communicate with npower Select servers) we will collect information about your mobile device including the model and brand, the operating system and version, the screen resolution, the date and time on it, video graphics card and memory available, language, time-zone and locale country.
Access to your device’s memory to temporarily cache permitted images and data (including personal data) to load them faster to you.
Access your push notification settings such as control vibrations, prevent phone from sleeping to send you push notification in accordance with your preferences for things like meter reading reminders, We use a unique identifier token for each mobile device which we share with our notification service provider for them to send the mobile app notifications to. They receive information about your mobile device (see above) and other information they need to serve the push notifications to it (including but not limited to your service provider, customer account number, mode of connection to the internet).
Very limited personal information can be contained in those notifications (for example the address supplied by Powershop). You can customise what notifications you are sent by going to the Account Settings within the App.
Opt-in access your device’s camera to use the flashlight, if you turn on the flashlight icon at the top right of the meter reading entry screen, to help you read the meter outside. Enabling this permission does not allow our mobile app to access your photo library.
Access to your device to improve user experience when receiving notifications while using the app.
Access to your device’s biometric authentication feature (e.g. fingerprint or face scanner) to allow you to securely log into the app without entering a PIN.
Webchat:
We use a third party provider to supply and support our webchat service which we use to handle customer queries in real time. If you use the webchat service we will collect details such as your name, address, and the contents of your webchat session. This information will be retained by us in line with your other communications held by us. The third party provider will delete this information after two years.
How we use your personal information and who we share it with - the legal basis and the purposes
We can only use your personal information where that is permitted by data protection laws. Those laws require that where we use your personal information we must satisfy one condition (legal basis) for processing. The legal bases are consent, to comply with our legal obligations, to perform a contract, our legitimate interests and for special category data (health) we may rely on consent, vital interests and public task as applicable to the purposes we are processing that information for.
Set out below are the different legal bases as well as examples of the types of processing we carry out:
Legal Basis for Processing
Consent
Where you have provided us with consent we will rely on that to process your information for the purposes set out at the time that the request for consent was made.
You can always change that consent at any time (either by withdrawing it or giving your consent where you previously hadn’t). The consequence of that might be that we are no longer able to do certain things for you.
See the section on “What rights do you have over your personal data?” and then “Right to withdraw Consent”
Processing activity (purposes)
Cookies We use cookies on our website to collect information about the device you use to access our website or App or sometime third parties collect that on our behalf.
You are asked to do this before using our website/App. If you refuse consent or you later remove it, you may affect our ability to provide the services you want.
See our cookies policy at : powershop.co.uk/legal/cookie-policy
Marketing
From time to time if you have agreed we may provide you with marketing information relating to loyalty rewards, customer promotions and competitions about our products and services (including by phone, text message, email, via your online account, and via your Smart in home display and via e-marketing i.e. using the internet and digital media technologies (for example social media), which we think may benefit you in your everyday lives.
We ask for consent when you sign up with us, but you can change your mind at any time.
We will never use your consent to marketing to share your details with third parties.
Smart meter half hourly energy use
If you have a smart meter installed at your property, we will only collect details of your half-hourly energy usage if you have given us your consent to do so.
Market research
From time to time we may ask you to participate in market research including customer surveys or customer focus groups – if you agree, your feedback is given with your consent.
You agree to the disclosure
If you request us to disclose your personal data to other people or organisations such as to a relative to deal with your account or to a person or organisation who has agreed to pay your bill or to a company dealing with a claim on your behalf or you otherwise agree to such disclosures (for example to a charity providing you with debt assistance).
When we process any special categories of personal information at your request (e.g. your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation).
Priority Services Register
If you elect to go on our Priority Services Register or PSR (which is a service open to certain customers who due to their health, age etc may require additional assistance), we need your consent to store and share your sensitive health information. If you consent to us storing and sharing this sensitive health information we will use it and pass it on automatically using standard industry dataflows to relevant industry bodies like electricity distributors, gas transporters, (who may share it with water companies in line with agreed industry processes) other energy suppliers, any sub-contractors like metering companies that provide field services to enable us and them to consider what additional help and support you may need for example if there is a power loss or loss of water supply.
Your details supplied as part of the PSR will never be used for marketing. You need to let us know if anything changes so we can ensure we provide the most appropriate support for you. If you no longer want to be part of the PSR, or you don’t want us sharing that information with third parties, just let us know. More information is available at Priority Service Register
We also receive crash reports if you download and use our mobile app and it crashes, where you consent to send a crash report via your operating system (Apple or Android).
Legal Basis for Processing
Vital Interests
We may need to share your vulnerable information with third parties because we believe you or someone else’s life is in imminent danger. This will be assessed on an individual basis and we will not share information unless we really believe there is a serious risk. We anticipate this will occur very rarely.
Processing activity (purposes)
Whether or not you are registered on Priority Services Register referred to above if you are in danger of being cut off and we believe you or someone else’s life is in imminent danger and you may need extra help, we may record vulnerable information about you and share it with support agencies and the Police. We may also share this information with the relevant gas transporter, metering agents or network operator.
Legal Basis for Processing
Special Category Data and Public Task
Processing activity (purposes)
Where we process special category data about you (e.g. health data), we may rely on the substantial public interest involved as an additional condition for processing that data.
We may process your data in this way and share it with other organisations in situations where we know you require additional assistance and either we, industry organisations like transporters and distribution network operators (who may then share that information with water companies in line with agreed industry processes) or another supplier need to process your data so we/they can offer or continue to offer you appropriate services to meet your needs and to ensure you remain on supply.
If we process your data under this condition we will act in a way that’s proportionate.
Legal Basis for Processing
Performance of our Contract with you for supply of your energy and to take steps at your request prior to entering into that Contract
Processing activity (purposes)
To provide you with a quote.
To help us identify you so we know who we are talking to and to authenticate the information you provide for security purposes. We may check against information we already hold about you as an energy supplier and potentially publicly available information such as social media.
To set you up in the appropriate industry systems based on agreed industry processes when you change your supply to or away from us including obtaining meter reads, resolving metering disputes etc. We share this information with metering operators and metering asset managers, local lines companies, and transmission companies, meter equipment owners, meter readers, other energy suppliers as well as industry organisations who operate and maintain databases on behalf of the industry to assist (for example) in the change of supply process or the provision of industry data analytics to improve or enhance the energy efficiency of our operations compared to other energy suppliers.
To set up and manage your account including processing and collecting payments, recovering debts, analysing your account history and improving our service to you which include sending you:
notifications via our mobile app (if you download it) regarding Powerpacks so that you have every opportunity to save money;
service messages such as meter read and payment reminders, changes to our opening hours by mobile app notifications, text and/or email;
account notifications and communications such as price and other terms and conditions changes by mobile app notifications, text and/or email).
To verify information, you have provided us such as direct debit information (to make sure we have the right bank account and it is not stolen), your address (to make sure it is accurate and a real address) or your metering information so we can be sure we can supply you.
To measure your energy use and work out your bills.
To supply you with any products or services you have asked us for such as the supply of gas or electricity (or both).
To ensure we meet our quoted price(s).
To report to and pay our referral partners such as broker websites like uSwitch.
To assess health and safety, environmental and financial risks to you.
To arrange for other Npower group companies to provide services to you where we do not offer them, and to meet legal or regulatory obligations – for example, if you need or want a prepayment meter, are on a green deal, need energy efficiency advice, or you are not a domestic customer.
To provide and improve customer support.
To resolve complaints and dispute resolution.
To train our staff and monitor our services. This may involve us recording our conversations with you or keeping copies of our correspondence with you to make sure we are providing you with a good service and are keeping to our legal and regulatory obligations.
We also use services such as Hockeyapp, Raygun which diagnose errors in the App and provide us with bug reporting tools to enable us fix them.
Legal Basis for Processing
To fulfil a Legal Obligation
This is where we are required to do something by law, regulatory requirement or by way of a court order.
Processing activity (purposes)
To comply with legal and regulatory requirements including those set out in the relevant gas and electricity Acts, our licence conditions and industry codes which govern how we operate. We may share this information with Ofgem (or any organisation which takes over Ofgem's role) or directly to an agent acting on their behalf, or as part of a government data-sharing initiative for example ones aimed at helping people who cannot afford to pay for their heating and electricity. They may pass that information to other agencies to be analysed or for other purposes relevant to their request or investigation.
To comply with orders made by the Court where we may be required to disclose information about you.
To provide certain information to Ofgem as regulator for the energy industry either as part of an investigation by them or as part of request for information or as part of an audit of our services (usually aggregated to a non-personal level).
For demand forecasting and settlement in so far is required to meet our industry requirements.
To comply with the law. We may share such information with our legal advisors and auditors.
To relevant law enforcement agencies or government agencies where we have been asked to provide the information for legal or regulatory reasons (if we receive a legitimate request for the information).
To assist you if you exercise your legal rights under data protection law.
To verify your identity, make credit fraud prevention and anti-money laundering checks.
Legal Basis for Processing
As necessary for our own Legitimate Interests
This is where we use your personal information for our normal business purposes where the benefits of doing so are not outweighed by your fundamental rights or freedoms.
You have a right to object to this type of processing. See the section on “What rights do you have over your personal data” then “Right to object to processing based on our ‘legitimate interests’ as a business”
Processing activity (purposes)
To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance, and audit. We may share this information with our legal and professional advisors including our auditors.
To help prevent and detect crime such as fraud and money laundering where this is not covered by our legal requirements and we are processing your personal information to help reduce the cost of this activity being spread across all customers by way of increased prices.
We will share this information with the police, other relevant law enforcement agencies, regulators, public bodies such as local and central authorities (including government agencies/departments) where we have been asked to provide the information for legal or regulatory reasons (such as prosecuting offenders, assessing or collecting tax).
For conducting business analytics and industry analytics such as carrying out internal reporting, profiling, modelling and analysis, market research, producing statistics. We may share this information with agents acting on our behalf, including creative agencies, professional user experience testing agencies and search engine optimisation agents.
To carry out credit checks and assess your creditworthiness. We will share this information with credit reference agencies such as Experian. Further details of this are set out below under the heading ‘How we may share your personal information with credit-reference agencies’.
We may take measures to ensure we carefully consider switch back when you have failed to pay for your energy supply in contravention of your contractual obligations.
To facilitate and carry out industry theft and fraud (TRAS) investigation and reporting. We may share that information with Ofgem, the industry appointed TRAS Fraud Prevention Agency, our parent company and other interested parties such as other energy suppliers, landlords, housing associations, fraud prevention agencies and other organisations (such as the police) involved in crime and fraud prevention who may also use this information. Further details are available under the heading ‘Theft and Fraud Prevention’ below.
To diagnose problems and test systems to ensure security and help improve the way we provide our services and the products. We will share information with our processors and sub-processors for the development and testing of our IT systems, diagnosing and implementing bug fixes, and diagnosing and dealing with incidents.
To carry out web analytics to analyse and better configure our website.
We may use limited personal details (e.g. email, phone number) in a secure manner to serve you with better targeted advertisements online, such as on social media sites like Facebook. We do this to better target any ads we place on those online sites.
We may use a partial postcode to provide you with weather updates for your local area. We may also use this weather information in combination with your consumption data to better understand trends in your consumption.
If an organisation takes over all (or nearly all) of our business or assets, we may pass your personal information to them and we may pass details of any debt you may have with us to your future service provider.
To assist in debt prevention and debt recovery which may include tracing where you have moved to and identifying who is responsible for taking supply where such processes go beyond what is strictly necessary for the performance of our contract with you.
We may share this information with a credit reference agency debt collection agency or fraud prevention agency to trace you if you have not provided your contact details or a forwarding address so that we can recover your debt or we may pass your details on as part of current or future legal action.
Whether or not you are registered on PSR referred to above if you are in danger of being cut off or we believe you (or someone who lives with you) may need extra help we may record a generic vulnerable marker (not going into any specific details about you or them).
You or a member of your household may need this extra help as a result of your (or their) health, age, disability or financial circumstances (we assess and record who may require extra help as a result of their circumstances) to assist you or them and ensure you or they stay on supply.
We will use it to assist us in providing the priority services you have requested (if any), managing your account so we are aware you may need additional help and support (for example having a bespoke debt pathway), for internal performance review, analysis, reporting and audit purposes (both internally and to report to Ofgem) to ensure our compliance with our obligations and to improve our services to you.
We may share information about your circumstances with agents and service providers (like metering companies) who carry out services on our behalf. We may also share the fact you are potentially vulnerable (providing no special category data) with industry organisations like transporters and distribution network operators (who may then share that information with water companies in line with agreed industry processes) so that they are aware you may need additional assistance and can offer you appropriate services in case, for example, of a loss of power or water supply.
To take part in government or industry initiatives (for example to tackle fuel poverty, improve energy efficiency or other social or consumer interests) or assess how the energy sector is working for example by a lawyer or Ofgem or to the Information Commissioner (if we receive a legitimate request for the information).
To contact you with service messages that are not strictly necessary for the performance of our contract but we believe will assist you and will improve our service to you unless in each case (with the exception of service messages or online notifications via your account) which you are required to receive as part of having an online account), you tell us you do not wish to receive such service messages, notifications and communications by those means and you are not required to receive them as part of the product and/or services you have signed up to.
If you have a display unit with your smart meter, we may send messages (for example, general energy-efficiency messages) direct to it, unless you let us know at any time that you do not want to receive such information.
If you have a smart meter to record your daily smart meter energy use unless you have told us otherwise (see the section on “Use of smart energy data” below).
Where you lodge an interest in having a smart meter fitted and this is not a requirement of your terms and conditions and you provide us with basic information about the type of property you live in to enable us to assess your eligibility now and in the future.
We use services such as Firebase Analytics and Firebase Monitoring (owned by Google) to collect information about our mobile app and help us analyse it and better configure our service. Google collects a range of information to report on via these services, such as the town in which the user is located at the time of login (estimated based on IP address), the number of visitors on our mobile app per day, which pages they visit, and the types of devices using our mobile apps (make and model). We also use services such as Mixpanel which gather data through events or actions that you perform in your app These are pre-programmed "things" which represent a specific user action (and the basic device type such as Nexus 5). For example the number of times you view your balance or purchase powerpacks if you are a Pro customer.
If you do not want us to use Firebase Performance Monitoring or Firebase Analytics or Mixpanel in respect of your use of the mobile app then you can turn this off in the mobile app on each device by going to the main menu: >Settings> <Share app analytics> and toggle the button off.
Who we share your personal information with
We may pass information about you to our agents and service providers for the purposes set out in this privacy notice for the following purposes:
a) Agents acting on our behalf to carry out profiling, modelling and analysis, market and customer research, statistical analysis to help improve the way we provide our services and the products that we are able to make available to you. These agents include creative agencies, professional user experience testing agencies and search engine optimisation agents. We do not provide personal information to these agents unless it is specifically required for services they provide for us (for example customer testing).
b) Our processors and sub-processors for the development and testing of our IT systems, diagnosing and implementing bug fixes, and diagnosing and dealing with incidents.
c) Our email platform service provider or SMS service provider or other sub processors we may use to send you service messages and marketing messages (when you have consented to receiving them) on our behalf.
d) Metering service providers who visit your property to read, inspect or replace your meter(s).
e) Relevant industry organisations and agencies based on agreed industry processes. These include metering operators and metering asset managers, local lines companies, and other energy retailers. Distribution and network companies, transmission companies, meter equipment owners, meter readers, other energy suppliers as well as industry organisations (such as xoserve and Gemserv) who operate and maintain databases on behalf of the industry to assist (for example) in the change of supply process and Smart DCC Limited, who manage the data and communications network connecting smart meters to ourselves and other industry suppliers, or the provision of industry data analytics to improve or enhance the energy efficiency in the energy market and/or to improve or enhance the efficiency our operations compared to other energy suppliers.
f) Credit-reference agencies such as Experian (see ‘How we may share your personal information with credit-reference agencies’ below for more details).
g) Other Npower Group companies to facilitate any future migration of your account, for general business purposes, as we may benefit from expertise within the business, back office and customer service support, and to maximise the effectiveness of Npower group customer campaigns to avoid cross-selling of energy by other Npower group companies.
h) With E.ON (as PS Energy UK Limited, currently trading with you as Powershop UK have become part of their group of companies) who may then share your information with their service providers and agents (who act on E.ON’s behalf to support E.ON’s business activities) to enable them to supply you with energy and service your account in the future. If you want to understand more about how E.ON handles personal data you can view their privacy policy at eonenergy.com/privacy
i) The police, other relevant law enforcement agencies, regulators, public bodies such as local and central authorities (including government agencies/departments) where we have been asked to provide the information for legal or regulatory reasons (such as prosecuting offenders, assessing or collecting tax, investigating complaints or assessing how the energy sector is working) for example by a lawyer or Ofgem or to the Information Commissioner (if we receive a legitimate request for the information).
j) If you do not pay a debt, we may ask a debt recovery agent to pursue that debt on our behalf or we may transfer your debt to another organisation and give them details about you and that debt or we may use a credit reference agency or fraud prevention agency to trace you if you have not provided your contact details or a forwarding address so that we can recover your debt or we may pass your details on as part of current or future legal action.
k) For regulatory purposes to Ofgem (or any organisation which takes over Ofgem’s role) or directly to an agent acting on their behalf, or as part of a government data-sharing initiative for example ones aimed at helping people who cannot afford to pay for their heating and electricity. They may pass that information to other agencies to be analysed or for other purposes relevant to their request or investigation.
l) If an organisation takes over all (or nearly all) of our business or assets, we may pass your personal information to them and we reserve the right to tell your future service provider of any debt you may have with us.
m) To comply with the law.
n) Our legal and professional advisors including our auditors.
o) If we suspect someone has committed fraud or stolen energy by tampering with the meter or diverting supply we’ll record those details on your account and may share that information with Ofgem, the industry appointed TRAS Fraud Prevention Agency and other interested parties such as other energy suppliers, landlords, housing associations, fraud prevention agencies and other organisations (such as the police) involved in crime and fraud prevention who may also use this information (see the section on “Theft and Fraud Prevention” below).
p) We may share your vulnerable information with Social services, and with medical and healthcare professionals or other similar support agencies and provide this information to other energy suppliers in line with the Energy UK “safety net procedures” if you decide to change supplier. We may also share this information with the relevant gas transporter, metering agents or network operator (either of whom may then share that information with water companies in line with agreed industry processes) or metering agents.
q) To other parties connected with your account for example if you have provided a delegation of your authority, or a power of attorney to a partner, relative or a friend to allow them to assist you in dealing with your account or to a person or organisation who has agreed to pay your bills.
Theft and Fraud prevention
If we suspect that someone has committed fraud or stolen energy by tampering with the meter or interfering with the supply we will record your information and share it (for as long as you have an account with us) on a regular basis (including occupier details, property type and consumption data), with the industry appointed TRAS Fraud Prevention Agency (including their sub-contractors (if any) who will use that information and that of other customers (whether or not supplied by us) to check public and other databases they hold or have access to so that they can profile geographical, behavioural and other similar trends for the purpose of theft and fraud risk assessment and to generate leads based on that analysis which they will pass on to us for the purpose of preventing and detecting the theft of energy and the prosecution of offenders (“theft leads”).
The TRAS Fraud Prevention Agency will hold this information and may provide it to other energy suppliers (where you have an energy account with them) or to Ofgem and other industry bodies in accordance with agreed industry processes and the information may continue to be used even following termination of this agreement where you are supplied by a different supplier.
We may use any information we have collected as well as any theft leads received from third parties including the TRAS Fraud Prevention Agency to (where relevant and appropriate) detect, investigate, pursue (including prosecute) and prevent (in so far as possible) theft and fraud.
If we suspect or confirm that you have committed fraud or stolen energy by tampering with your meter or interfering with the supply we will record this information on your account and where appropriate will share the information with the TRAS Fraud Prevention Agency who may also retain a record of this information. We may use this information to assist us in making decisions about your payment arrangements and the products and services we offer you in the future.
How we may share your personal information with credit-reference agencies
We have set out below how we may share your personal information with credit-reference agencies and how they may record and use your personal information.
a) In order to process your application (for example when you apply to take supply from us or you move home), we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”) as well as using information we already hold about you for internal credit risk and debt management and to help us assess your ability to pay. Where you take products and services from us we may also make periodic searches at CRAs to manage your account with us.
b) To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your application and about your financial situation and financial history. CRAs will supply to us both public (including the Electoral Register) and shared credit, financial situation and financial history information and fraud prevention information.
c) We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your closed accounts. We record your current balance and how you manage your account and may share this information with CRAs. If you owe us money and when requested do not repay in full and on time we may share this information with CRAs. This information may be supplied to other organisations (like banks, other utility companies, companies who offer you credit to purchase goods) by CRAs which may affect your ability to obtain credit.
d) If we consider that your account is in default (i.e. you have not paid us and are in breach of your agreement with us or you are making ‘token’ payments towards your debt) we will notify you and if you do not pay us we will report the unpaid debt to CRAs who will record that default on your credit file.
e) If you set up an instalment plan or some other form of payment arrangement with us to repay a debt (including paying off a debt through a prepayment meter) then a payment arrangement flag may be recorded on your credit file. We may record such a flag whether you are a current customer with us or one who has left us to go to another supplier and had their account closed with an outstanding debt that remains to be paid. This information may be supplied to other organisations (as described above) by CRAs and may affect your ability to obtain credit.
f) We will use information we receive from CRAs along with information we already hold about you to:
Assess your creditworthiness and whether you can afford to take the product and/or services;
Verify the accuracy of the data you have provided to us;
Prevent criminal activity, fraud and money laundering;
Manage your account(s);
Trace and recover debts;
Ensure any offers provided to you are appropriate to your circumstances;
To assess your ability to pay versus financial risk to decide on the appropriate debt recovery activity and the application of debt recovery fees (in line with guidance on ability to pay from Ofgem) including sending you timely service messages and/or contacting you by telephone if it looks like you are or are about to get into payment difficulties.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other organisations (like banks, other utility companies, companies who offer you credit to purchase goods).
g) If there are people who are associated with your account for example you tell us that you have a spouse or financial associate, we may share separate records for each individual, so you should make sure you discuss this with them, and share with them this information, before making your application or providing their details (for example adding them as a person who has authority to act on your behalf in relation to dealing with your account). CRAs will link your records together and these links will remain on your and their files until such time as you or your partner or financial associate etc. successfully files for a disassociation with the CRAs to break that link.
h) We may also use information obtained from CRAs where you have failed to tell us that you are the owner and/or occupier of the property we supply. In the event that the CRAs are able to positively match your details from their search of information from other companies, the Electoral Register etc. then we will use that information to follow our internal processes to take steps to set up an account for that property using the details provided by the CRAs. Before we do so we will contact you and provide you with the opportunity to correct any information we have obtained. Where it is clear that you are the owner/occupier of the property and taking energy supply we will set the account up in your name and record the current balance and share that with CRAs. If you owe us money and when requested do not repay in full and on time we may share this information with CRAs which may affect your ability to obtain credit.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in the Credit Reference Agency Information Notice (CRAIN). CRAIN is accessible from each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document:
TransUnion transunion.co.uk/crain;
Equifax equifax.co.uk/crain;
Experian experian.co.uk/crain.
If you would like to see what information the CRAs hold about you, you can contact those currently operating in the UK. The information they hold may not be the same, so it is worth contacting them all. They will charge a small statutory fee.
Credit reference agency - Contact details
TransUnion Limited
Post: TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP.
Email: customer.relations@callcreditgroup.com
Phone: 0330 024 7574
Equifax Limited
Post: Equifax Ltd, PO Box 10036, Leicester LE3 4FS
Email: complaints@equifax.com
Phone: 0333 321 4043 or 0800 014 2955
Experian Limited
Post: Experian, PO BOX 8000, Nottingham, NG80 7WF
Email: complaints@uk.experian.com
Phone: 0344 481 0800 or 0800 013 8888
Automated decision-making and profiling
The law requires that we tell you if our systems conduct any processing, including profiling, which produces a decision that is completely automated and produces legal effects concerning you or similarly significantly affects you. We do not consider that any of the automated decision-making, including profiling, that our systems conduct fits this criteria.
Like all energy retailers, we do undertake necessary automated decision-making and profiling in our system to make setting up and servicing your energy supply efficient and accurate, such as verifying information you provide us on signup, matching your quote to your customer records, assigning the correct price to your property for your metering configuration, obtaining meter reads, estimating consumption, billing you, and tracking and recovering debt etc. If you wish our staff to review a decision taken by our system we are prepared to do so. See below under the heading ‘Who is your data controller?’ for details of how to contact us to request this.
We also conduct ‘profiling’ manually for our general business purposes like business analytics- see ‘How do we use your personal information?’ and ‘Legitimate interests’ for examples of the sorts of activities that we conduct which rely on the ‘legitimate interests’ legal ground. These types of general business purpose analytics are designed to help us make decisions about our customer base generally, rather than a specific decision about you.
We use automated profiling to create a profile of your credit worthiness based on the information you have provided to us, the information we have received from credit reference agencies and whether you pay your bills to us in full and on time and/or in accordance with agreed payment plans. We analyse this information manually to make an initial and ongoing assessment of your likelihood to pay your debts and to see what products and services we can offer you. We may also take measures to ensure we carefully consider switch back when you have failed to pay for your energy supply in contravention of your contractual obligations.
Profiling carried out by TRAS and Credit Reference Agencies
The industry-appointed TRAS Fraud Prevention Agency conducts profiling across all energy industry customers, including ours, in order to identify customers who have a higher likelihood of having committed energy theft. For more details see the earlier section “Theft and Fraud Prevention.’
Credit Reference Agencies conduct profiling across their databases and public records, including information that energy suppliers like us give them, to produce a credit score according to their proprietary methods. For more information see the earlier section “How we may share your personal information with credit reference agencies.”
Use of smart energy data
From the date your smart meter is installed or the date we notify you we are able to utilise the functionality of a smart meter that a previous supplier fitted, or from the date we take over your supply and your smart meter functionality is already available to us (as appropriate), we will use the smart energy consumption data for the purposes set out in this Privacy Notice.
a. Monthly
Monthly is the minimum level of data we are allowed to take for billing and regulatory purposes. If this is the level of consent you select we are also allowed to take ad hoc daily meter reads to maintain accurate billing where we need to send you a bill after changes to your account (for example if you move home or change your energy product), if we need to use the data to resolve a query or a complaint from you or if we think your smart meters have been damaged or been compromised in any way. Daily meter reads will help us understand the meter's recent activity so that we can diagnose and resolve the problem.
b. Daily
Unless you tell us you wish to opt out (object), not only will we collect your monthly energy data as set out above, we will also collect your smart energy data on a daily basis. If you would prefer us not to collect this level of energy data daily you can let us know at any time by calling us on 0800 294 0880 (generally free from most landlines) or by logging in to your account.
c. Half hourly
Subject to (l) below, if you permit us to, not only will we collect your monthly and daily energy data as set out above, your energy data will be measured every half hour. The data will only be collected by us once a day (during a daily download of that data from your smart meter).
d. Options
We will discuss the purposes for which your smart energy data may be used in greater detail with you either when you contact us, or we will get in touch with you prior to your smart meter being installed, or when you transfer your energy supply over to us, so that we gain your explicit consent for us to collect and use your half hourly data. Your half hourly smart energy data will not be collected and used by us unless we get your consent to do so. To discuss your options or change what level of energy data we collect, please call 0800 294 0880 (generally free from most landlines) or, by logging in to your account. You can do this by clicking on settings > properties > meter reading frequency, then choosing from the drop-down menu to pick your meter reading preference. secure.powershop.co.uk
e. You can change your mind about the use of your data whenever you like – but we are allowed to take monthly energy usage for the purposes set out above so that we can service your account.
f. If you decide that you want to change the level of smart energy data that you want us to collect that change will not be reflected at a meter level for up to 2-3 days from the date that you contacted us and the smart energy data for that period either may still be available to us and to you or may not be available to us or to you until your meter is updated depending on whether you were increasing or decreasing the level of energy data you want to have access to.
Additional Smart Energy Data Use Consent Requirements
g. If you have a smart meter in your property it is your responsibility to tell us if you move home. It is essential that you tell us in advance of that move taking place so that we can arrange for your smart energy data to no longer be available to any new occupier via the smart energy display in your home. If you fail to let us know then we may be unable to prevent your energy data being available to the incoming owner/occupier of the property. This may also have an impact on the availability of the new occupier’s data to them as we will only be able to prevent access to your data from the date that you let us know that you have moved and that may include some data for the new customer if you have moved out and they are already living in the property.
h. If you are a landlord you must notify us when your tenants move in or out. It is essential that you tell us in advance of that move taking place so that we can arrange for the previous tenants’ smart energy data to no longer be available to any new occupier via the smart energy display in your property. If you fail to let us know then we may be unable to prevent the previous tenants’ energy data being available to the incoming owner/occupier of the property. This may also have an impact on the availability of the new occupier's data to them as we will only be able to prevent access to the previous tenant’s data from the date that you or the new occupier let us know that the previous tenants have moved and that may include some data for the new customer if the previous tenants have moved out and the new customer is already living in the premises.
i. We are able to provide you with up to 24 months’ (or the period we have been your supplier whichever is the shorter) of smart energy consumption data as long as it is available from your smart meter. A smart meter is only able to store a limited amount of data so if you, for example, change your level of consent to enable us to collect more than monthly energy data then we will only be able to provide you with any retrospective information at that new level of energy data use if it is still available from your smart meter.
j. It will not be possible to purge (remove) your energy data from the systems once it has been collected so any consent to use the energy data is given with that restriction in place. If requested we will stop processing that data unless we have a legal or regulatory right to continue to use the data to deal with your account.
k. If you are the Landlord or owner of the property we supply and are also the bill payer but you do not live at the property, we may only be able to provide you with smart energy consumption data that is necessary to enable us to meet our contractual and legitimate responsibilities/functions to be carried out (such as billing and tariff comparison) are shared with you. We may be able to provide you with more granular smart energy consumption data if you provide us with your tenants details so that we can contact them, provide them with the purposes for which we will use their smart energy consumption data if you provide us with your tenants details so that we can contact them, provide them with the purposes for which we will use their smart energy data and seek their consent to provide you with more granular smart energy data.
l. If you are the account holder for gas and/or electricity at a property we supply, you need to understand that anyone who is living at or visiting the property will have access to the (SED) Smart Energy Display and will be able to see how much energy you are using, the price and the cost of that energy.
m. If your property has multiple meters (for example because you have converted two flats which have separate meters into one) then the level of consent you agree to will be the level of consent that will apply to all the meters in your property. We may need to discuss your level of smart energy data use and how your smart meter operates if your smart meter is set in prepayment mode.
n. If you also have an export meter (such as if you are on a feed-in tariff) we cannot be the supplier to whom your energy is exported so you will need to be separately supplied for your export meter.
o. If you also have an export meter and we are the suppliers to whom your energy is exported then any level of smart energy data use you have set for your import (supply) meter will apply to your export meter.
When do we pass your personal information outside the UK?
Although we are based in the UK we also may pass your personal information to service providers, agents and subcontractors based in countries outside the UK. We are permitted to transfer personal data outside of the UK to countries within the European Economic Area (EEA) as they are governed by the same basic rules and are deemed to have adequate safeguards.
There are a number of instances where we may pass your personal information outside of the European Economic Area (EEA) to countries that do not have the same data protection standards as we do in the UK. Firstly, we and our processors make sure that it happens with the relevant legal protection in place. Secondly, we always know when this occurs and make sure relevant security and contractual protections are in place.
We will only transfer your information:
to countries approved by the European Commission as having appropriate data protection laws to ensure an adequate level of protection for your personal information such as;
Canada, New Zealand. (For example one of our sub-processors which undertakes development of our IT systems is based in New Zealand, along with some other sub-processors they use. New Zealand holds an adequacy decision from the European Commission; or
Organisations who are members of the EU-US Privacy shield which covers transfers to the US. Visit www.privacyshield.gov for more information
where we have put in place our own measures to ensure an adequate level security as required by data protection law. For example the EU style Model Clauses used by a US based sub-processor with infrastructure in Australia.
If the UK exits the EEA without a withdrawal agreement (a “No-Deal” Brexit), we will continue to transfer personal data to countries within the EEA and to those countries that the European Commission has already deemed to provide adequate safeguards (including utilising the EU-US Privacy Shield) on the basis that they are also deemed to provide adequate safeguards by the British government. If we do not exit the EEA (Article 50 is revoked or delayed) or we exit with a withdrawal agreement, then the position remains as set out above.
Data Retention
We will keep any personal information that we process for the following retention periods:
Personal information processed - Retention period
Quotes - 2 years
Telephone recordings - 2 years
Information processed for the purpose of our contract with you - 7 years unless you are a still a customer with us and we require the information so that we can continue to supply you.
Information processed for our legitimate interest as a business except theft and fraud reporting - Between 2.5 weeks – 2 months depending on the type of processing
Theft and fraud reporting - 2 years
Information processed about you when you have failed to pay so we can ensure we carefully consider any switch backs - 3 years
Information processed as a result of a credit check - 7 years
Information kept for the purpose of complying with a legal obligation - 7 years
Security
Powershop complies with the security standards required by law, to protect your personal information. Any personal information you send via the post or email is at your own risk but once we receive it we use strict procedures to safeguard it.
If you are a Powershop customer, you are responsible for your email address and password. Your username and password can only be used in connection with purchasing products for the supply of energy to your property or properties. You should not tell anyone else your password or username, and if you do, you are responsible for paying for energy they buy from us.
When you use your debit card or credit card during signup or on our online web portal, the debit card or credit card information is transmitted using Secure Socket Layer (SSL) protocol, this encrypts your information. Powershop keeps only some of your debit card or credit card details. However, your full credit card and debit card details will be encrypted and securely stored by our online payment providers (currently Mastercard and Lloyds). Make sure you always logout when you have finished using the Powershop customer website, especially if you access Powershop from a shared computer.
What rights do you have over your personal data?
Information: You are entitled to know a range of information about your personal information such as what we collect about you, how we use it, who we share it with, what legal grounds we rely on, how to exercise your rights etc. This privacy notice give this information about our customers’ personal information, and the website privacy policy gives this information about our website visitors’ personal information.
Access: You are entitled to know what personal information we hold about you at any time. (If you write to, email or phone us and ask to see this information, it is known as a ‘Subject Access Request’ or ‘SAR’ for short). When we receive your request, we will send you a form to fill in, along with identity checks. If you do not return the form and/or answer our phone calls to verify you have made this request, we will not be able to deal with your request.
Data Portability: You can request the personal information you provide to us in a commonly used and machine-readable format. We already allow you to access your information online (including the ability to export your meter reads), but if you need other information or you don’t want to access it online you can contact us.
Accuracy/ Rectification: You can check that the personal information that we hold is accurate, or to let us know of any changes to your personal information. We always try to ensure that the information that we hold is accurate, up to date and relevant. We’ll be more than happy to make changes or to correct any inaccuracies.
Deleting/ Erasure: You can ask us to delete some or all of your personal information in certain circumstances (e.g. we no longer need it), and we are obliged to delete it. We can refuse to delete that information if those circumstances don’t apply e.g. we still need it to supply you with energy.
Restriction on use: You can ask us to temporarily stop using the personal information in the following circumstances:
Where you think your personal information is not accurate, we will temporarily stop using it until we have verified the accuracy of it, if we cannot resolve the accuracy of it straight away;
Where you have objected to our use of the personal information (in circumstances where it was necessary for the performance of a public interest task or for our legitimate interests as a business), and we are considering whether our legitimate interests as a business override your rights to object to our use of it;
When processing is unlawful, and you don’t want us to erase it, and request restriction instead; or
If we no longer need the personal information but you want it to establish, exercise or defend a legal claim.
If we have shared the personal information in question to third parties, we must inform them about the restriction on the processing of the personal information, unless it is impossible or involves disproportionate effort to do so. We must also inform them when we decide to lift a restriction on processing.
Right to withdraw Consent: Most of the personal information we require is necessary to supply you with energy, and we don’t rely on consent to use and retain it. However we do rely on your consent to contact you for direct marketing and to store and/ or share your personal information for our Priority Services Register. You can provide or withdraw your consent for either of these situations by calling or emailing our call centre (see below) or online:
For direct marketing, you can log on, go to the Settings tab, then the Accounts tab, Privacy & Data, then turn on or off the direct marketing option (as desired); or For the Priority Services Register, you can log on, go to the Settings tab, then the Properties tab, then change the Priority Services Register settings for each fuel and each property we supply.
We also rely on your consent to receive crash reports, if you have downloaded and use our mobile app. If you are not comfortable with us or those third parties receiving this information, do not consent to the crash report being sent when prompted. You can control whether Apple receive information about errors or crashes on your device when you first set up your device. You can control whether Android receives information about errors and crashes, by checking your device settings.
Right to object to processing based on our ‘legitimate interests’ as a business: If we rely on the legal grounds that we have a legitimate right as a business to use your personal information (as opposed to any other legal ground) then you have a right to object to us using your personal information for these purposes. See above under the heading ‘How do we use your personal information? ‘and ‘Legitimate interests’ for examples of the sorts of activities that we conduct which rely on the ‘legitimate interests’ legal ground.
You can exercise your right to object you can call or email our call centre (see below) or log on, go to the Settings tab, then the Accounts tab, Privacy & Data, then turn on or off the ‘legitimate interests’ option, and/ or the ‘web tracking and analytics’ option (as desired). If you do not want us to use Google Analytics in respect of your use of the mobile app then you can turn this off in the mobile app on each device by going to the main menu of the app then: >Settings> Google Analytics.
Right not to be subjected to automated decision-making: You have the right not to be subject to a decision based solely on automated processing which produces legal effects or similarly significantly affects you, except where we do so for the purposes of your energy supply, it is authorised by law, or you consent to it. In those circumstances you are entitled to at least contest any such decision and obtain a review. Our systems do not have automated processing that fulfil these criteria, but in any event if you wish our staff to review a decision taken by our system we are prepared to do so.
Complain: If you think we are using or processing your personal information in a way that is not consistent with this privacy notice or with the law, you can lodge a complaint with the Information Commissioner’s Office. Contact details are available at ico.org.uk/concerns. We would always prefer you to contact us first though, to see if we can answer your concerns.
You can exercise any of these rights by contacting us as set out below under ‘Who is your data controller?’ below.
External links from our website and App
From time to time we may include hypertext links to sites which are created by individuals and companies outside of our group companies. We do this when there is a particular relevance to the topic you're reading about. Whilst we endeavour to check that the content of these sites is suitable, we unfortunately cannot take any responsibility for the practices of the companies who publish the sites that we link to, nor the integrity of the content contained within them.
This policy does not cover the links within this site or App linking to other websites. We encourage you to read the privacy statements on the other websites you visit
Who is your data controller?
PS Energy UK Limited is the data controller for the personal information. You can contact us to exercise any of your rights or if you feel that we are not complying with the terms of this privacy notice by:
emailing privacy@powershop.co.uk,
Contacting us using the ‘Contact us’ forms on our website powershop.co.uk/contact-us or our mobile app; or
calling our call centre on 0808 501 5200* (should be free from all mobiles and generally free from all landlines);
logging on, going to the Settings, then Privacy & Data, then turning off the direct marketing option;
writing to us at Data Protection Officer, Powershop, 5th Floor, 125 Colmore Row, Birmingham, B3 3SD, United Kingdom.
What if we update our privacy notice or you have any questions?
This Notice was updated in December 2020 and it replaces any previous privacy notice we may have provided to you. We do keep our privacy notice under regular review, but we will email our customers regarding any significant changes. If you have any questions please do contact us through using the ‘Contact Us’ forms on our website or our mobile app, calling our call centre on 0808 501 5200* (should be free from all mobiles and generally free from all landlines) or emailing privacy@powershop.co.uk.