Energy Supply
Energy Management
Purchase Agreements
Biomethane
Renewable Energy
Power Storage Gas Storage
Supply Information
Help & Support
Customer login

ENGIE UK Privacy Notice and Cookies

At ENGIE UK, we are committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This privacy notice applies to personal data we hold about individuals, such as company directors or contacts on business accounts, including sole traders and partners. This notice explains your statutory rights and how we collect, use, and store your personal data. It also sets out the reasons why we collect this data and the lawful bases for doing so under applicable data protection laws.

What information will ENGIE hold about you?

Personal Data

  • Contact details of people associated with the business including
  • Job title and employer and business address
  • Business email address
  • Audio call recordings

Communication Data

  • Email correspondence
  • Meeting notes
  • Call logs

Business Data

  • Signatures and contract terms
  • Financial information and history

 Billing Data

  • Purchase orders and account history
  • Business Bank Account
  • VAT number
  • Invoicing information
  • Transaction history

Technical Data

  • Location information including
  • IP address
  • Login data
  • Browser type
  • Device identifiers

How do we collect your data?

Directly from you: When you or your representatives set up an account with us, purchase products or services, submit information via our websites or apps, complete forms we provide, enter competitions or promotions, make a claim or complaint, exercise your statutory rights, contact us by phone, email, or other communication methods. We also collect data directly from energy generation and export meters, smart devices we provide, and when we visit your business premises.

Credit and anti-fraud reference agencies: We use information from these agencies to conduct ethical checks and assess the creditworthiness and transaction history of suppliers and customers. This helps us manage risk, prevent fraud, and ensure responsible business relationships.

Our website and mobile applications: We collect information about how you use our websites and apps, including interactions with any smart devices you connect to these platforms.

Companies we partner or work with: For example, brokers or other partners may share your details with us to enable us to deliver our products and services. We receive information from companies we partner with or that are part of our corporate group to help us deliver and manage your energy supply and related services. This includes meter installation companies, service engineers, debt collection agencies, and lead generation providers.

Government, ombudsman services, and regulators: These bodies provide us with information about complaints and assist us in verifying eligibility for discount schemes or other regulatory requirements.

Previous energy providers: When you switch to us or where applicable, we may obtain information from your previous energy supplier about meter readings, equipment, and payment history to ensure smooth account setup and service continuity.

Third-party data providers: Companies authorised to pass updated contact information to us or to contact you for market research or marketing purposes.

Tracing activities: If you do not have an active energy supply contract with us but occupy a site we supply, we may use third parties such as Google or Land Registry to identify you so that we can contact you regarding energy consumption at that site.

Why we use your personal data and our lawful basis

Purpose Legal Basis
To provide our services to you or your business, including making payments to you or your business, maintaining your business account, setting pricing, ensuring quality assurance, and handling any complaints you raise.
  • Performance of a contract
  • Legitimate interests
To take payment for our products and services, or make payments to you or your business, and to recover any outstanding debts. This may involve invoicing, direct debits, issuing refunds, or engaging debt recovery services.
  • Performance of a contract
  • Legitimate interests
  • Legal obligation
To manage our relationship with you or your business, including communication about service updates, responding to enquiries, contract management, and day-to-day business interactions.
  • Performance of a contract
  • Legitimate interests
To comply with legal and regulatory obligations, including audit requirements, tax and financial reporting, anti-fraud measures, and industry-specific regulations.
  • Legal obligation
To send you marketing or service communications, such as information about new products, industry updates, or invitations to events, unless you’ve opted out.
  • Legitimate interests (with opt-out)
To monitor, secure, and maintain our IT and communication systems, ensuring proper system performance, cybersecurity, and data protection.
  • Legitimate interests
To analyse how our services are used, to help us improve customer experience, develop new products, and inform business decisions.
  • Legitimate interests

 

Who may we share your data with?

We only share your personal data with third parties where necessary to deliver our services, manage your business account and contact, comply with our legal obligations, or where there is a legitimate interest. Below are the types of third parties we may share your information with:

Companies within our group: We may share data with other companies within our global business units, where necessary to deliver our services or manage business operations.

Advertising and marketing partners: We may share limited business contact data (e.g. business email address or job title) with digital marketing and analytics providers that help us improve outreach and understand business energy needs.

Brokers and intermediaries: We receive business through brokers and third-party intermediaries who introduce you to our services. We share necessary information with them, such as consumption, contract details, and account data, to manage your account and fulfil our obligations. Information is only shared with brokers or third-party intermediaries where you have given explicit authorisation (such as a Letter of Authority) permitting them to discuss or manage your supply on your behalf.

Network operators and distributors: We share meter, connection, and supply-related data with network operators and distributors such as National Grid or your local distribution network operator (DNO), as required to manage your energy supply.

New energy provider: If you decide to switch suppliers, we may provide your new provider with relevant account and meter information to facilitate a smooth transfer of service.

Credit and anti-fraud reference agencies: To assess credit risk and help prevent fraud, we may share your data with credit reference and fraud prevention agencies

Government bodies and regulators: We may share information with regulators and government authorities where required to comply with law or regulation.

Ombudsman and dispute resolution services: If you raise a complaint that is referred to an ombudsman (e.g. the Energy Ombudsman Service), we may provide them with the relevant information needed to assess the case, including your contact details, meter data, equipment details, and payment records.

Transferring your personal data internationally

We do not transfer your personal data outside the European Economic Area (EEA). All personal data we process is stored and managed within the EEA or the UK, ensuring that it remains subject to strong data protection standards in line with UK GDPR and EU data protection laws.

If, in the future, any transfer of personal data outside the EEA becomes necessary, we will ensure a. We have taken steps to ensure all personal data is provided with adequate protection and safeguards and that all transfers of personal data are done lawfully.

How long do we keep your personal data?

We will retain your business contact information for as long as necessary to fulfil the purposes outlined in this Privacy Notice. We will delete:

  • Initial sales call recordings after six years, and
  • Customer service call recordings after two years
  • Contractual data, up to 7 years after the end of the business relationship

Unless we have a reason to keep it longer.

How do we keep personal information secure?

We are committed to following data protection principles, including collecting only the minimum personal data necessary.

  • All personal data stored electronically is safeguarded against unauthorised access and managed through a range of secure IT systems designed to maintain confidentiality and high security standards. Our systems are protected by passwords, and electronic data is stored securely. Physical documents are kept in locked cabinets with restricted access to ensure their safety.
  • Additionally, we have implemented security measures to protect your data from unauthorised changes, improper disclosure, unlawful destruction, or accidental loss. We also have data protection agreements in place that define how your data should be handled responsibly and securely.
  • We use a secure system to manage employee access to internal applications and data. Access is granted based on role and responsibilities, with safeguards such as single sign-on and multi-factor authentication in place. Activity is monitored to prevent unauthorised access and ensure data security.

Your rights

You have the following rights regarding your data, under data protection legislation. We will respond to any requests under data protection law within one calendar month.

  • The right to be informed – this privacy notice is our way of informing you how your data is used
  • The right of access – you can request a copy of all the information we hold about you to check that we are lawfully processing it
  • The right to rectification – you can request that we rectify information about you that is incorrect
  • The right to erasure – also known as the right to be forgotten. You can request that information about you is deleted
  • The right to restrict processing – you can request that we pause processing your data so we can verify the lawfulness of processing
  • The right to object – you can request that we stop processing your information if you feel that the processing is not lawful
  • The right to data portability – you can request that data is transferred to another party so it can be reused across services.

Where you have given consent for us to use your data for specific purposes, you have the right to withdraw this consent at any time. If you would like to exercise any of the above rights, please contact our data protection officer.

The Information Commissioner’s Office (ICO) is the regulator for data protection in the UK. You have the right to make a complaint to the ICO if you feel that we have not complied with your data protection rights.

If you have a query or are dissatisfied with the outcome of your request, we encourage you to contact us in the first instance and we will consider your request in line with the UK GDPR. If you remain dissatisfied with our response in relation to your concern, you may contact the Information Commissioner’s Office who is the regulator for the UK GDPR, to make a formal complaint about how we have handled your personal data.

If you decide to contact the ICO, please write to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Cheshire SK9 5AF

icocasework@ico.org.uk
Or complete the online form.

Cookies

When visiting the Website, a cookie may be installed on your browser.

Cookies are small text files that are stored on your machine primarily to ensure that the Website can manage our users’ session correctly (“necessary cookies”). You can also allow us to place “statistical cookies” on your browser. These are cookies which improve your user experience through services such as autocomplete functions or provide Website analytics. We may also request your permission to install marketing cookies.

You can approve the statistical or marketing cookies by pressing the ‘Accept’ button. If you’d prefer to use our website without accepting these cookies, please note that it may impact your user experience and limit your access to some of our offers. You can disable these cookies through your browser settings.

Cookies are kept for a maximum period of 12 months and then deleted.

Analytics

The Website uses Matomo Analytics, a web analytics service provided by Matomo (‘Matomo’). Matomo Analytics uses cookies (text files placed on your computer) to help the website operators analyse how users use the site. The information generated by the cookie about your use of the Website (including your IP address) will be transmitted to and stored by Matomo on servers in the EU. Matomo will use this information for the purpose of evaluating your use of the Website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Matomo may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Matomo’s behalf. Matomo will not associate your IP address with any other data held by Matomo. By using the Website, you consent to the processing of data about you by Matomo in the manner and for the purposes set out above.

The necessary cookies used within this context are:

AWSALB

Provided by Formstack, this registers which server cluster is serving the visitor. This is used in context with load balancing, in order to optimise user experience

AWSALBCORS

Provided by Formstack, this registers which server cluster is serving the visitor. This is used in context with load balancing, in order to optimise user experience

CookieConsent

Provided by Cookieyes, this stores the user’s cookie consent state for the current domain

PHPSESSID

Provided by ENGIE, this preserves user session state across page requests

Rc::a

Provided by Google, this cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website

Rc::b

Provided by Google, this cookie is used to distinguish between humans and bots

Rc::c

Provided by Google, this cookie is used to distinguish between humans and bots

Updates

ENGIE UK may update this Privacy and Cookies Notice at any time. Consequently, you are invited to regularly consult the Privacy and Cookies Notice that is currently being applied.

Version Control – 02/12/25

Important Information

If you have any questions about data protection, please contact our Data Protection Officer using the details below.

Data Controller:

ENGIE Power Limited
ENGIE Gas Limited
No 1, 26 Whitehall Road
Leeds LS12 1BE – UK

Data Protection Officer:

Ms Aminat King
4th Floor Broadgate Tower
20 Primrose Street
EC24 2EW – UK
0800 130 3600

dataprivacy.uk@engie.com.