The Energy Company Obligation (ECO) is part of a range of policies enacted by the government of the United Kingdom to provide affordable warmth for people in fuel poverty and to transition to a low carbon economy. The Obligation mandates large energy suppliers to provide funding to enable energy efficiency improvements to be made to domestic homes subject to certain qualifying criteria.
We act as a lead generator that matches people who qualify for this Obligation with companies that facilitate and complete the sponsored home improvements.
In order to determine if an installation qualifies for the Obligation, personal information needs to be collected and then verified. We collect the necessary information to confirm eligibility and then share it with other organisations to enable the home improvements to be completed. We only collect the information necessary to facilitate home improvements and store and share it according to the obligations established under British law.
Policy key definitions
● "I", "our", "us", or "we" refer to the business, My Home Energy Grant and BidConnecter Limited.
● "you", "the user" refer to the person(s) using this website.
● GDPR means General Data Protection Act
● PECR means Privacy & Electronic Communications Regulation
● ICO means Information Commissioner's Office
● Cookies mean small files stored on a user’s computer or device
Personal data we collect
We collect the following information:
● Contact details – telephone and email
● Details of house and current equipment installation (such as water boilers)
● Details of home improvements required
● Details of benefits received
● Confirmation of the completion of work
We may also request additional documentary evidence to verify the information we have collected. The purpose of collecting this information is to confirm whether an applicant qualifies for the ECO Obligation and, upon qualification, to enable the home improvements to be completed in a timely and efficient manner and to verify the improvements have been completed in a compliant way and to a satisfactory quality level. We may also provide your information to external parties who administer the ECO Obligation to ensure your eligibility and our compliance to relevant rules and regulations.
Processing your personal data
Under the GDPR (General Data Protection Regulation) we control and process personal information about you electronically using the following lawful basis.
We are registered with the ICO under the Data Protection Register. Our registration number is: ZA300552.
We use the personal data you provide to ensure eligibility for the ECO Obligation, fulfil the request to install home improvements and to verify the work has been completed to a compliant and satisfactory quality level.
Sharing your personal data
Subject to the processing requirements needed to complete an application and installation we may share your personal data with:
● Department for Work and Pensions to profile your data in order to provide a YES/NO response via the Energy Saving Trust to verify whether you receive the relevant benefits to be eligible for the Obligation
● The Office of Gas and Electricity Markets (Ofgem) will use and share your information in order to fulfil its statutory duties
● the installer of the measure in order to verify whether it has been notified to Ofgem
● Auditors contracted to ensure the integrity of the Obligation
● Representatives of the Secretary of State of the Department of Business, Energy and Industrial Strategy. They may use the data to review and develop Government policy, and for research and statistical purposes and may, for these purposes, link the data with other data sources they hold. They may also share some of the data with other Government Departments and with the Scottish and Welsh Governments for these purposes
● The obligated energy supplier (who will make a contribution towards the cost of the measure; and will process data as necessary to comply with a legal obligation and in accordance with their own privacy policies)
● relevant companies supporting the completion of the home improvement:
○ the installer (who completes the installation work)
○ the installer’s certification body (who monitor a sample of installations to ensure they meet the correct standards)
○ technical monitoring agents (who monitor a sample of installations to ensure they meet the correct standards)
○ managing agents (who facilitate the funding and installation of measures)
○ external auditing agencies (who provide assurance that the data being processed is correct) building control inspectors (who check installations are installed in accordance with building regulations)
○ guarantee companies (who provide warranties for some measures such as wall insulation) the property owner, social housing provider, local authority or managing agent (as and where applicable)
○ software providers (who process your data)
○ Other external parties required to fulfil our statutory obligations
The information provide may be transferred to 3rd parties outside of the European Union. However, this will only take place where this is necessary for the purpose defined above and where we are satisfied the external parties is in compliance with the relevant statutory requirements.
We will not share your email contact details with other third-parties for the purpose of marketing or sales for products and services not related to the ECO Obligation. We will only send you emails relating to your application and if some event occurs that relates to the completed home improvements where contacting you is deemed necessary.
Retaining your personal data
The home improvements we facilitate have up to 25-year warranties. We may therefore retain your personal information for up to 25 years or as long as is needed to match the lifetime of the supplied warranties.
In order to comply with the regulatory requirements of the ECO Obligation we may retain your personal information for up to seven years after the Obligation has ended.
Under the GDPR your rights are as follows:
● the right to be informed
● the right of access
● the right to rectification
● the right to erasure
● the right to restrict processing
● the right to data portability
● the right to object
● the right not to be subject to automated decision-making including profiling
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
Contact details of data controller
Data security, storage and protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
Response to a data breach
We place the highest priority on the security of our systems and the information they hold. We have implemented strict procedures and provided comprehensive training to ensure the integrity of our systems.
A data breach is defined as the unauthorised accessing of information held by us on our systems by a third-party without the permission us. A data breach includes but is not necessarily confined to information being downloaded externally from our systems. Unauthorised amendment or deletion of information also constitutes a data breach. The act of unauthorised viewing of information held by us is also considered to be a data breach.
A Data Breach Response Process has been implemented as part of a suite of measures related to information security. Should a data breach occur we will implement our Data Breach Response Process.
It has the following steps:
1) Investigate the nature of the breach
2) Prevent additional breaches
3) Communicate details of breach to stakeholders including customers and the Information Commissioner’s Office
4) Document details of the breach and restorative action to ensure all relevant information is captured
Our Data Breach Response Process aims to resolve all issues within 72 hours. An emphasis is placed on informing our customers as soon as possible in the event of a data breach so that they may take any actions they deem necessary.