Privacy Policy

Privacy Policy


The Energy Company Obligation (ECO) is part of a range of policies enacted by the government of the United Kingdom to provide affordable warmth for people in fuel poverty and to transition to a low carbon economy. The Obligation mandates large energy suppliers to provide funding to enable energy efficiency improvements to be made to domestic homes subject to certain qualifying criteria.

We act as a lead generator that matches people who qualify for this Obligation with companies that facilitate and complete the sponsored home improvements.

In order to determine if an installation qualifies for the Obligation, personal information needs to be collected and then verified. We collect the necessary information to confirm eligibility and then share it with other organisations to enable the home improvements to be completed. We only collect the information necessary to facilitate home improvements and store and share it according to the obligations established under British law.

The policy

This privacy policy notice is for this website - and is served by BidConnecter Limited, a company registered in the United Kingdom with the registration number 09358176. The company’s registered address is: 4 River Terrace, The Slipe, Arundel, West Sussex and operates from Suite 8 BizSpace, Courtwick Lane, Littlehampton, West Sussex. This policy governs the privacy of users of this website, the information it collects and how the company handles and uses that information. Its goal is to ensure compliance with all legal and regulatory obligations and to operate in a fair and transparent way providing relevant information to all interested parties. If you do not agree with the following policy you may wish to cease viewing / using this website.

Policy key definitions

 ● "I", "our", "us", or "we" refer to the business, My Home Energy Grant and BidConnecter Limited.
 ● "you", "the user" refer to the person(s) using this website.
 ● GDPR means General Data Protection Act
 ● PECR means Privacy & Electronic Communications Regulation
 ● ICO means Information Commissioner's Office
 ● Cookies mean small files stored on a user’s computer or device

Personal data we collect

We collect the following information:
 ● Name
 ● Address
 ● Contact details – telephone and email
 ● Details of house and current equipment installation (such as water boilers)
 ● Details of home improvements required
 ● Details of benefits received
 ● Confirmation of the completion of work

We may also request additional documentary evidence to verify the information we have collected. The purpose of collecting this information is to confirm whether an applicant qualifies for the ECO Obligation and, upon qualification, to enable the home improvements to be completed in a timely and efficient manner and to verify the improvements have been completed in a compliant way and to a satisfactory quality level. We may also provide your information to external parties who administer the ECO Obligation to ensure your eligibility and our compliance to relevant rules and regulations.

Processing your personal data

Under the GDPR (General Data Protection Regulation) we control and process personal information about you electronically using the following lawful basis.

We are registered with the ICO under the Data Protection Register. Our registration number is: ZA300552.

We use the personal data you provide to ensure eligibility for the ECO Obligation, fulfil the request to install home improvements and to verify the work has been completed to a compliant and satisfactory quality level.

Before submitting an application request via our website, you will be required to accept our terms and conditions (which include this Privacy Policy). We will continue to process your personal information on this basis until the application is complete or you withdraw consent. Upon completion we will then retain your personal information for the minimum time prescribed by UK legislation. See below for more information on retention periods.

Sharing your personal data

Subject to the processing requirements needed to complete an application and installation we may share your personal data with:
 ● Department for Work and Pensions to profile your data in order to provide a YES/NO response via the Energy Saving Trust to verify whether you receive the relevant benefits to be eligible for the Obligation
 ● The Office of Gas and Electricity Markets (Ofgem) will use and share your information in order to fulfil its statutory duties
 ● the installer of the measure in order to verify whether it has been notified to Ofgem
 ● Auditors contracted to ensure the integrity of the Obligation
 ● Representatives of the Secretary of State of the Department of Business, Energy and Industrial Strategy. They may use the data to review and develop Government policy, and for research and statistical purposes and may, for these purposes, link the data with other data sources they hold. They may also share some of the data with other Government Departments and with the Scottish and Welsh Governments for these purposes
 ● The obligated energy supplier (who will make a contribution towards the cost of the measure; and will process data as necessary to comply with a legal obligation and in accordance with their own privacy policies)
 ● relevant companies supporting the completion of the home improvement:
  ○ the installer (who completes the installation work)
  ○ the installer’s certification body (who monitor a sample of installations to ensure they meet the correct standards)
  ○ technical monitoring agents (who monitor a sample of installations to ensure they meet the correct standards)
  ○ managing agents (who facilitate the funding and installation of measures)
  ○ external auditing agencies (who provide assurance that the data being processed is correct) building control inspectors (who check installations are installed in accordance with building regulations)
  ○ guarantee companies (who provide warranties for some measures such as wall insulation) the property owner, social housing provider, local authority or managing agent (as and where applicable)
  ○ software providers (who process your data)
  ○ Other external parties required to fulfil our statutory obligations

The information provide may be transferred to 3rd parties outside of the European Union. However, this will only take place where this is necessary for the purpose defined above and where we are satisfied the external parties is in compliance with the relevant statutory requirements.


We will not share your email contact details with other third-parties for the purpose of marketing or sales for products and services not related to the ECO Obligation. We will only send you emails relating to your application and if some event occurs that relates to the completed home improvements where contacting you is deemed necessary.

Retaining your personal data

The home improvements we facilitate have up to 25-year warranties. We may therefore retain your personal information for up to 25 years or as long as is needed to match the lifetime of the supplied warranties.

In order to comply with the regulatory requirements of the ECO Obligation we may retain your personal information for up to seven years after the Obligation has ended.

Your rights

Under the GDPR your rights are as follows:
 ● the right to be informed
 ● the right of access
 ● the right to rectification
 ● the right to erasure
 ● the right to restrict processing
 ● the right to data portability
 ● the right to object
 ● the right not to be subject to automated decision-making including profiling

You also have the right to complain to the ICO [] if you feel there is a problem with the way we are handling your data.

Contact details of data controller

In the event of the need to raise an issue or if you have any queries relating to this privacy policy please contact the data controller.

Contact Details
Contact Details

Internet cookies

Cookies are small text files placed on a computer or device to record interactions with websites. We do not use cookies on the website. This is based on the expected use of our website.

Data security, storage and protection

We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.

Response to a data breach

We place the highest priority on the security of our systems and the information they hold. We have implemented strict procedures and provided comprehensive training to ensure the integrity of our systems.
A data breach is defined as the unauthorised accessing of information held by us on our systems by a third-party without the permission us. A data breach includes but is not necessarily confined to information being downloaded externally from our systems. Unauthorised amendment or deletion of information also constitutes a data breach. The act of unauthorised viewing of information held by us is also considered to be a data breach.

A Data Breach Response Process has been implemented as part of a suite of measures related to information security. Should a data breach occur we will implement our Data Breach Response Process.

It has the following steps:

 1) Investigate the nature of the breach
 2) Prevent additional breaches
 3) Communicate details of breach to stakeholders including customers and the Information Commissioner’s Office
 4) Document details of the breach and restorative action to ensure all relevant information is captured

Our Data Breach Response Process aims to resolve all issues within 72 hours. An emphasis is placed on informing our customers as soon as possible in the event of a data breach so that they may take any actions they deem necessary.

Download Privacy Policy (PDF Format)