On this page:
1. About this Privacy Notice
1.1. Purpose of this Privacy notice
At Bristol Energy we respect your privacy and value the relationship we have with you. Because of this, we have provided, in this Privacy Notice, all of the information you may need about how we deal with your personal data. It covers data we collect and process through your use of this website, but also when you contact us in other ways as an existing or potential customer. The Notice includes details about the types of information we collect and process as well as the purposes for which we do so and legal basis on which this processing takes place. It outlines the rights you have as an individual with regards to your data and advice on how you can exercise these rights.
We recommend that you read this privacy notice carefully together with any other information regarding privacy we may from time to time provide. Such information may be provided to you at times when we need to collect new personal data about you, or when anything changes about how we process this data.
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.
In this policy “Bristol Energy”, “we”, “us” and “our” refer to Bristol Energy Limited, who is the controller and responsible for your personal data.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
2. Bristol Energy and Your Personal Data
2.1. Data we collect about you
We may collect, use, store and transfer certain information about you, some of which is considered personal data as it directly or indirectly reveals your identity. We have summarised the types of information we process below:
- Identity Data, including first name, last name, title and date of birth.
- Contact and Supply Data, including billing and supply addresses, MPAN/MPRN numbers, email address and telephone numbers.
- Account Data such as your username and password.
- Energy consumption information from meter readings submitted by you or obtained through other means, including – if you have one – your smart meter. Find out more privacy information about your smart meter.
- Financial Data, including bank account and payment card details.
- Transaction Data, including details about payments to and from you and other details of previous and existing tariffs, products and services you have purchased from us.
Technical Data, including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Usage Data, such as information about how you use our website, products and services.
- Marketing and Communications Data, including your preferences in receiving marketing from us and our third parties and your communication preferences.
We may also collect and process information about you that is lawfully defined as Sensitive Data. This includes information about any health conditions you inform us about, specifically where these may entitle you to additional help and support services in relation to your energy supply. We will use this information to protect your household, for example in the event of a power cut. We will always ask for your explicit consent to collect and process this data and will provide you with clear information about how we intend to use it, including if we need to share it with any third parties.
2.2. How do we collect your data?
The types of data outlined above are collected through a range of methods, depending on the nature of your interaction with us. These include:
When you use our website. This includes situations where you directly provide us with information, for example when you apply online for one of our tariffs, fill in one of our website forms or create an account on our website. It also includes automated technologies or interactions which we use to collect technical data about your equipment, browsing actions and patters. You can find out more about this by reading our Cookies policy.
When you contact us in other ways, whether by e-mail, phone or in person. This includes when you contact us with questions, queries and feedback, or when you apply for one of our tariffs through any of these channels.
- From Price Comparison Websites and Third Party Intermediaries, if you contact us or sign up to our services through one.
- From a third party, when you have given them permission to share with us the information they hold about you.
- From publicly available sources, where you have given your consent to make that information public, or where the information is made public as a matter of law.
3. How we use your personal data
3.1. Lawful bases for using your data
Every organisation has to have a lawful reason to process personal data, and this also applies to us and how we handle your data. Often, we need it to be able to perform a contract we have with you, or indeed if we need to do something before entering into a contract (for example, providing you with a quote). Another valid reason is when we (or a relevant third party) have a legitimate interest to process your data, as long as these interests do not override your fundamental rights. For instance, we have a legitimate interest to collect and process certain information to allow us to collect any debt you have on your energy supply account with us. Thirdly, we may need it to comply with a legal or regulatory obligation.
3.1.1. Getting to know you
We may use your identity, contact, technical, usage and profile data to assess the types of products and services you may be interested in. This is to allow us to make these available to you and deliver the best customer experience that you would expect from your energy suppliers. Under the data privacy law, we are able to do this as part of our legitimate interest in understanding our customers and providing them with the products and services that they need or may want. You can always opt out of this processing – find out more about how you can exercise your rights and control the way we use your data in section 5 below.
3.1.2. Marketing through electronic means
We will from time to time send you information about the products and services developed as described above, but only if you have given your active consent to receive marketing communications from us by e-mail, web, text or telephone. We will never assume your consent – it will always need to be a clear opt-in action from you – and you can always withdraw it by contacting us at [email protected].
3.1.3. Sharing data with partners and affiliates
We will also request your consent before sharing any of your personal data with any third party for marketing purposes. In some instances, we may need to share some data with third parties in order to fulfil an obligation to you which may result in you receiving certain communications from them. This may be the case, for example, if you have signed up to Bristol Energy through one of our partners and receiving something (e.g. a money-off voucher or a “freebie”) from them – referred to as an incentive gift – was part of the offer. In these circumstances, the respective partner may need certain information about you so that they can send you the promised incentive gift. We will still request your consent to share your data in these circumstances, but your refusal may result in us and our partners being unable to fulfil our promise to you. Our partners may also request your consent so that they can continue to send you marketing communications, but we cannot take responsibility for their failure to honour your preferences.
3.1.4. Priority Services Register
As explained in section 2.1 above, we may collect certain types of sensitive information about you to help us provide you with additional support when you needed this. This is an industry-wide mechanism – all suppliers are required under their licence conditions to offer and maintain a Priority Services Register (PSR). You can find out more about PSR at www.bristol-energy. co.uk/customer-care/priority-services-register.
Data we may need to collect as part of our PSR is most likely to refer to any health conditions that would indicate you need additional help (for example communications in special format such as Braille), but also if there are any other vulnerabilities in your household that we and our agents must be aware of. We share this data with a number of third parties, such as your Distribution Network Operator, the relevant gas transporters or any metering agents, and we need to do this in order to be able to deliver these additional support services to you. We will always request your explicit consent to collect, maintain, and share your sensitive personal data in this way, and you can ask us to remove you from our PSR at any point, by simply getting in touch with one of our agents. We will always explain to you what opting in and out of the PSR means in terms of the services you can expect to receive from us, so that you can always make an informed decision.
3.2. Purposes of using your data
To give you more clarity around our use of your personal data, we have summarised below all of the ways we plan to use it and the lawful basis we rely on to do so. We will not use your data for purposes other than those outlined below, nor will we process it further in a manner that is incompatible with these purposes.
|Purpose / Activity name||Description||Lawful basis for processing|
|Account registration||To register your supply account with us. This includes sharing your data with third parties in line with industry practice. This includes your Previous Supplier, the relevant gas transporters, metering agents or network operator, our billing system provider, the DCC.||Contract|
|Credit checks||To carry out a credit check as we may from time to time require for certain products.||Contract|
|Account management and customer care||
To manage your account, which may cover the following:
This includes sharing your data with third parties where we use their services for certain aspects of our customer care.
To process and investigate any feedback or complaints you submit about us. This includes sharing data with some third parties where we need to do so to manage your complaint.
This includes sharing your data with Citizens Advice or the Energy Ombudsman where your complaint needs to be escalated.
|Erroneous Transfers (ETs)||
To manage situations where we take on your account in error. This process is something that from time to time happens across the whole industry, and we will work with your correct supplier to resolve this as soon as possible.
This includes sharing your data with your existing supplier and other third parties involved in the management and resolution of ETs, such as Utiliserve.
|Legitimate interest (to deliver a fair and compliant service)|
|Priority Services Register||To add you to the Priority Services Register and offer you additional support as appropriate. This may include sharing your data with our agents and partners and other third parties. It may also include sharing your data with organisations who help us produce bills and other communications in other formats (e.g. Braille), where you have requested this.||
Consent (see Section 3.1 above)
|Billing and Payment collections||
To manage payments on your account, which includes:
We utilise a billing platform provider to help us deliver these services to you, as well as other aspects of your supply account with us, and we may from time to time need to share certain data with them.
|Debt management||To collect amounts owed by you on your account. This includes sharing your personal data with our agents who manage debt collection on our behalf.||Contract|
|Theft and fraud prevention||To allow us and our partners to assess the risk of electricity or gas theft and/or other forms of fraud. This is an industry wide process which is managed by Experian on behalf of SPAA. We will only share your personal data with these third parties and through their dedicated secure systems.||Legitimate interest (to deliver a fair and compliant service)|
|Warm Home Discount (WHD)||To manage your WHD payments, if you are entitled to these. This includes sharing your personal data with the department of Works and Pensions to establish eligibility.||Legitimate interest (to deliver a fair and compliant service)|
|Energy Forecasting and Trading||To forecast your consumption across the year which in turn allows us to purchase the electricity and gas we supply to you in a time and cost efficient manner.||Legitimate Interest (to understand our customer base and trade efficiently and competitively in the market)|
|Regulatory reporting||To respond to requests for information and meet other regulatory requirements that we are obligated to meet as part of our Licence Conditions and other industry codes we are signatories to, as well as to meet other regulations and legal requirements as appropriate. This includes sharing data with the bodies requesting the information, including Ofgem, Citizens Advice, BEIS, the Competition Markets Authority and others.||Legal obligation|
|If you are registered to our feed-in Tariff (FIT) scheme, we will process your data in order to register your application (including registering and updating your account on Ofgem’s CFR system), manage your account, and make payments to you in line with our quarterly payment levelisation schedule.||Contract|
|PPA management||If you are a sole trader and we purchase export electricity from a generator you own or manage through a Power Purchase Agreement (PPA), we will process your data in order to provide you with a quote, register your application (including registering and updating your account on Ofgem’s CFR system), manage your account, and make payments to you in line with our quarterly payment levelisation schedule.||Contract|
|Official requests for information (criminal investigations)||To assist with criminal investigations upon receiving a verified request from a legal entity such as the HMRC, the police etc.||Legal obligation|
|Training and monitoring||To train our staff and for internal monitoring purposes, which in turn help us improve the service you receive from us.||Legitimate interest (to deliver a high quality of service to our customers)|
|Profiling||Where permissible according to applicable law we may use certain limited personal information about you, such as your email address, to hash it and to share it with social media platforms, such as Facebook or Google, to generate leads, drive traffic to our websites or otherwise promote our products and services. You can opt out of this at any point (see section 5 below).||
3.3. Sharing your data
We may need to share your personal data with various third parties for the purposes set out in section 3.2 above. These parties are by law referred to as “processors”, which means that they will only process your data for purposes, and in ways in which, we instruct them to do so.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law and we do not allow them to use your personal data for their own purposes. We have contractual arrangements in place with all of our processors which underpin their obligations with regards to how they handle your personal data on our behalf. We have also put in place due diligence and quality processes to ensure that they employ best practice with regards to data protection.
4. Data security
We want you to be confident about how we manage appropriate technical and organisational measures to ensure your data is kept secure. These measures include organisational policies, physical and technical procedures which aim to prevent your personal data from being accidentally lost or processed, altered or disclosed in an unauthorised way. On a regular basis we undertake an analysis of the risks presented by our processing, and use this to assess whether our systems are supported by an appropriate level of security.
Our business operates on a “needs to know” basis, so colleagues, agents, contractors other third parties only have access to your data in as much as this is required for them to carry out their roles and to enable us to fulfil our obligations to you and meet our regulatory and legal duties. They will only handle your personal data on our instruction and they are subject to a duty of confidentiality.
We do not store your personal data outside of the European Economic Area (EEA). We do however use platforms such as Google Analytics who may process your data outside of the EEA. Google are operating under the EU-US Privacy Shield, which is a framework for transatlantic exchanges of personal data for commercial purposes between the European Union and the United States
EU-US Privacy Shield, which is a framework for transatlantic exchanges of personal data for commercial purposes between the European Union and the United States.
5. Your rights
Under relevant data protection law you are entitled to certain rights in relation to their personal data. We have included details about these below. If you would like to find out more about the circumstances when you can exercise these rights get in touch with us by contacting Bristol Energy’s Data Protection Officer. In most cases you will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive
5.1. Right of access
You have the right to obtain the following from us:
- Confirmation that your data is being processed by us;
- Access to your personal data; and
- Proof that we are lawfully processing your data.
5.2. Right to rectification
You have the right to ask us to rectify or complete inaccurate or incomplete data we hold about you. Please note we may need to verify the accuracy of the new data you provide us with
5.3 Right to erasure
You have the “right to be forgotten”, so you can ask us to delete or remove personal data we hold about you as long as there is no good reason for us continuing to process it. You can also ask to exercise this right in the following circumstances:
- We process your data because you have given us consent to do so but you now wish to withdraw that consent;
- You think we process your data unlawfully;
- You have successfully exercised your right to object (see below); and/or
- You believe we have a legal obligation to erase your data.
If your request for erasure is successful we will also contact third parties with whom we have shared your personal data and request that they erase it from their own systems.
Please note that we may not always be able to comply with your request of erasure for specific legal reasons. If this is the case, we will inform you of this and the reasons for our refusal.
5.4. Right to object
This right refers to situations when we process your data on the basis of legitimate interest but you feel this processing impacts on your freedoms and rights due to circumstances specific to your particular situation. You also have the right to marketing purposes. Please note, however, that we may refuse your objection if we are able to demonstrate compelling legitimate grounds to process your information which override object where we are processing your personal data for direct marketing purposes. Please note, however, that we may refuse your objection if we are able to demonstrate compelling legitimate grounds to process your information which override your interest and freedoms.
5.5. Right to restriction of processing
This enables you to ask us to suspend the processing of your data, so that we can continue to store it but not use it. We would also instruct third parties with whom your data has been shared to restrict processing. You may be able to exercise this right if:
- You think the data we hold about you is inaccurate and we need to verify this;
- You think we have processed your data unlawfully but do not wish us to delete it;
- We no longer need your data but you want us to keep it in order to establish, exercise or defend a legal claim; or
- You have asked objected to us processing your data (as described in paragraph 6.4 above) and we are considering whether our legitimate interests override yours.
If your request for restriction is valid, we will not process your personal data in any way except to store it unless you have given us consent to do so. We may also process your restricted data if we need to do so for the establishment, exercise or defence of legal claims, or if it is necessary for the protection of the rights of another person (natural or legal).
5.6. Right to data portability (or transfer)
You can ask us to transfer your data to you or a third party. If you do, we will endeavour to provide this data in a structured, commonly-used, machine readable format. This right only applies:
- to personal data you have given us;
- where the processing is based on your consent or for the performance of a contract; and
- when processing is carried out by automated means.
Please note we will endeavour to transmit your data to another organisation in as much as it is technically feasible for us to do so, but we cannot guarantee that our processing systems are technically compatible with those of the respective organisation.
5.7. Right to withdraw consent at any time
If we rely on consent to process your personal data for a certain purpose, you can withdraw this consent at any time. If you do this and we determine that we have another lawful reason for processing your data we will not do so without informing you. If you withdraw your consent, we may be unable to provide certain products and services to you, and we will endeavour to advise you of this at the time you withdraw consent.
We will only retain your personal data for as long as it is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, auditing or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve the same purposes through other means, and the applicable legal requirements.
If you want to find out more about the retention periods for different aspects of your personal data you can do so by contacting us.
7. Any questions?
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.
If you have any questions that haven’t been covered, please contact our Data Protection Officer (DPO) who will be pleased to help you. They can be contacted using the details below:
Data Protection Officer
3rd Floor South
100 Temple Street
You can also contact us to request to exercise your legal rights, which are outlined in Section 7 of this notice, or to make a complaint.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.