Introduction and Privacy Statement
As your energy supplier, So Energy will have access to some of your personal and sensitive information. We recognise that our customers value their data and privacy, and it is our mission to treat both with the greatest of care. This privacy notice informs you of how and why we collect your data and what you can expect from us on data sharing, retention and protection. We will cover your rights, and how you exercise those rights. As well as what to do if you are unhappy with So Energy’s handling of your data, and the avenues that you can go down to get a resolution.
This privacy notice was last updated on 24th November 2023
Where and how we collect your information
We will collect personal information about you during our sign-up process, when you get in touch with us via phone, email, social media, letter, our website or just as part of providing our services to you.
We may also be provided with your personal information by other parties.
Comparison websites or energy switching companies – this is so that we can provide our service to you.
Energy industry partners – this includes energy supply data and vulnerability data so that we can supply your energy safely and accurately, these partners may include your previous supplier(s) and metering agents.
Landlords and estate agents - those moving in or out of a property, or a landlord or estate agent may provide us with contact information. We may use this information to contact you in relation to the continuation of the energy supply to your property.
Councils, postal services, and data brokers - may provide us with contact information, moving-home status and other details.
Referral scheme - people referring you to So Energy as part of our Refer a Friend scheme will provide us with your contact information.
Smart Meters - If you have a smart meter, it will send consumption information directly from the meter, in line with the consent we receive from you about this. We need to collect information from your smart meter to ensure accurate billing.
Credit Reference Agencies such as Transunion. See the section on data sharing below.
Payment Service Providers – Worldpay/Checkout.com Go Cardless (Direct Debit payments/ Paypoint (Prepayment Meters).
How we will use your information
We’ll only use your personal information where necessary and allowed to by law. Generally, this will be under one or more of the following circumstances.
To provide our services. We need to process your information to set up your account, supply your energy and the services you’ve asked for, and bill you accordingly. For example, we will use your information to arrange your switch over to us, manage payments towards your energy and maintaining your meter(s), monitor use, and generate and send bills. We also use your personal information to add you to the Priority Service Register if necessary.
To help us improve or develop our website, services and products. We will aggregate data, to improve our operations and make sure we are providing you with the best service possible. All aggregated data is anonymised and doesn’t reveal your identity.
To fulfil our legal and regulatory obligations. We are governed under Gas and Electricity Supply Licence conditions and by Ofgem directions and Codes. We may need to comply with court orders and disclose information to law enforcement agencies if required.
To help us prevent and monitor any debt, fraud and loss that may occur.
To make sure that our employees are trained properly as well as meeting our regulatory and legal responsibilities. To achieve this we may monitor and record your calls, emails or webchat to do so.
To inform you of industry incentives, schemes, products and services: if you have given consent, we will get in touch with you about these that we or our partners are offering. This includes the Warm Home Discount scheme and the Energy Company Obligation scheme.
To administer and protect our business, website and app including monitoring and recording troubleshooting, data analysis, testing, system maintenance, support and reporting.
To maintain and improve our services: for example, we may use information contained in your emails and calls to train our team. We may also use your information to make sure that our services are working as intended, for example, understanding which parts of the website are easiest to use or whether service emails are correctly delivered. We may also contact you for suggestions on how we can improve the way we provide our services to you.
To provide personalised advertising: we may let advertising platforms like Facebook and Google know that you are a customer of So Energy by sharing your contact details with them. This means we can stop asking you to switch to So Energy once you're with us, and instead share information with you that we think you might be interested in.
To communicate with you about our services: we may contact you about product updates on our website and app, and through other marketing channels, such as third-party social networks, like Facebook.
To help you switch to another energy provider: we provide limited account information to other energy suppliers if you switch to them.
To run loyalty and reward programmes you may have signed up to these programmes.
To analyse account and payment activities to help identify alternative, or more appropriately tailored price plans and payment schedules that could be offered.
To complete any other activities which we are obliged to undertake as part of our Energy Supply License Conditions or that we have gained consent for.
To send you marketing communications if you have previously opted in to receive them or shown an interest in our products and services and not opted out. This will be in line with your preferences
Who we share your information with
We sometimes need to allow our service providers to process your personal information on our behalf for the reasons set out above or as otherwise required by law.
We may also transfer your personal data to third parties for the purposes set out in ‘How we’ll use Your Information’.
Those named and authorised within your account to give you the product or services you've requested. We may have to give information to one of your family members, household, anyone acting on your behalf or other people who have an interest (like landlords or letting agents).
Debt collection agencies to help find and prevent debt, fraud or loss.
Credit reference agencies and fraud prevention agencies when you sign up as a customer and routinely whilst you have an account with us. This is to help us assess your ability to pay your energy bills, as well as identify any potential fraud, credit or security risks. More information can be found in TransUnion’s Credit Reference Agency Information Notice at http://transunion.co.uk/crain
Another organisation if any unpaid debt is transferred.
Our regulator, Ofgem, for legal or regulatory purposes
The Energy Ombudsman for consumer protection purposes.
Service providers who provide engineering services, industry data collection and aggregation, call-centre, IT and system administration services.
Demand Flexibility Service providers who liaise with the ESO to notify opted in customers of DFS events
Marketing agencies to provide you with information about our products and services or other products and services which may be of interest to you (provided you’ve given your consent) and to help manage any reward or loyalty schemes.
Another supplier if you're leaving us as an energy customer, we'll pass on your information on to your new suppliers. This may include any special assistance requirements and information about you as an energy customer.
The Police or Law Enforcement if we are asked to provide information we will require them to provide a warrant, unless we feel that it is in the best interests of our customers or the public to provide the information without a warrant.We make sure that these third parties won’t use your personal data for their own purposes and we only permit them to use it in accordance with our instructions and the law.
We make sure that these third parties won’t use your personal data for their own purposes and we only permit them to use it in accordance with our instructions and the law.
Sending your data outside the UK
Occasionally, we may need to pass your information to our agents and service providers, this may involve people or organisations outside the UK. The laws of some of the jurisdictions in which these people or organisations are located may not be as robust as those of the UK.
If we do, we will take all steps reasonably possible to make sure your personal information is handled securely and in line with this privacy notice. Accordingly, we have put in place strong contractual commitments with these organisations.
How long will we keep your data
We will only keep your personal information we collect for as long as it is necessary for the purposes for which we collected it. The length of time depends on the purposes for which we used it, or otherwise to meet our legal, regulatory, accounting or administrative requirements.
We will delete any information as soon as we no longer have a valid reason to hold it. if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and prevent any further processing until deletion is possible.
We determine the appropriate retention period for the personal information we hold by considering the amount, sensitivity and the nature of the data. In addition to this we factor in the risk of harm should your data be exposed to unauthorised access or disclosed, the reasons why we hold the data, the legal requirements and whether we can realistically achieve the purposes in other ways.
How we protect your information
We follow strict security procedures to protect personal information. This includes following certain guidelines (for example, checking your identity when you contact us).
We recommend that you do not disclose your account login details to anyone. Please always remember to log out of your account when you have finished accessing your online account.
We regularly review our practices for collecting, processing and storing personal information, including physical security measures, to guard against unauthorised access to systems and backups to prevent the loss of information. We will continue to enhance our security procedures as new technology becomes available.
We restrict access to personal information wherever possible to people who need to know that information to process it and who are subject to contractual confidentiality requirements.
We use encryption to keep your information private while in transit.
We ensure that all of our staff are trained on the GDPR when they onboard with us, as well as overseeing annual refresher training. The protection of personal data, housekeeping and general office rules are a part of our daily practice
We regularly audit our processes and systems to ensure that we remain compliant with our legal obligations and our policies.
Where we store your data
We are based in the UK, however some of our third parties and agents that we work with may be based outside of the European Economic Area (EEA) and this could result in a transfer of your data, and therefore being processed, outside of the EEA.
Whenever this occurs, we will always ensure it is protected by making sure we have strict safeguards in place. We would ensure that the country has been granted an adequacy decision in which your protection is guaranteed, or we would insist on specific contractual protections.
Categories of information
We have set out below different categories of data that we may process and include some of the reasons why we need this information.
Contact information – this includes your name, date of birth or age range, address, email address and telephone number. We need this to verify your identity and to become your energy provider.
Financial data - your bank details and payment details so you can pay for your energy services.
Energy supply data - your energy use, technical information on your meter(s), supply history and smart meter data. As well as billing purposes, this information lets us know that your meter is safe and operating and recording correctly.
Technical data – this includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Profile data - includes your account log in information, your interests, preferences, feedback and survey responses.
Data about your communications or interactions with us - such as information about how you communicate with us (by phone, emails, or chat) and how you use our website and app or interact with our ads and content on other websites. More information on this is in the ‘Cookies and analytics’ section.
Marketing and communications data - includes your marketing preferences for us and third parties and your communication preferences.
Vulnerability data - information relating to your health, disability or financial circumstances. This information helps us to provide you with appropriate services to keep you safe and to determine your eligibility to be on the Priority Services Register (PSR).
Customer service data - when you get in touch by phone, email, chat or on social media we monitor, record and review those communications so we can provide the best possible service to you and all our customers and so we can show evidence of transactions or events.
Other products - Information about how you use other products and services that we supply such as solar, batteries, and EV charging.
You have various rights in relation to your personal information.
Request access to your personal information - you can request a copy of the personal information we hold on you.
Request correction of your personal information - if any personal information we hold on you is incorrect, you can request to have it corrected. You can update personal information that we have on you through your online account.
Request deletion of your personal information - you can ask us to delete your personal information in certain circumstances. If we are not able to do this we will explain why not.
Object to processing or restrict processing of your personal information - you may object to our processing or ask us to restrict our processing of your personal information in certain circumstances.
Request the transfer of your personal information to provide you, or a third party you have chosen, with your personal information.
Withdraw consent to processing of your data - where we’re relying on consent to process your personal information.
If you require access to or erasure of your personal data, you can send your request to DSR@so.energy where our dedicated team of specialists will endeavour to action your request within 30 days, as per the guidelines laid out by the Information Commissioner’s Officer (ICO).
If you want further information about your rights, you can contact our Data Protection Officer at firstname.lastname@example.org,
Our lawful basis for processing
UK data protection law requires an organisation to have a lawful basis for its personal information collection and use, and there are several lawful bases available.
Performance of a contract
When you use our services, almost all the personal information collection and use is necessary to provide the service.
If you provide us your contact details to ask us a question, request more information or contact us, we use your details to reply and resolve any issues.
Some personal data collection and use is in our legitimate business interests. To use this lawful basis we assess both our interests and yours, to make sure that what we’re doing does not cause any unjustified privacy intrusion.
Examples: identity checks; fraud prevention and reporting; marketing campaign records.
We have legal obligations to collect, use and keep certain information for certain purposes.
Examples: diligence on corporate customers; records of who has unsubscribed from marketing.
Marketing: if you have provided us your contact details to hear about our products and services and you no longer want to hear from us, we are obliged by law to stop contacting you. To meet this legal obligation we will add your details to a suppression list so you no longer hear from us.
Where we require consent, we will explain why and provide sufficient information to allow you to make an informed decision. When we receive consent to perform such activities, that consent may be withdrawn at any time by contacting us. If you decide you want to change your marketing preference, you can change your preference in your So Energy online account or you can just send an email to email@example.com and we’ll update your preferences for you.
Examples: to contact you by email or SMS to make you aware of new products that may be of interest to you; analysing your smart meter readings to offer you products and services.
Getting in touch with you
We’ll always contact you by the method we’ve agreed with you when you signed up to us.
Taking your smart meter readings with your consent
If you use a smart meter and we are able to operate this remotely, we'll normally collect readings from your smart meter once a day. You can decide whether we take a reading for the entire 24-hour period or for each half-hour period. We won't take more than one reading a day unless you have given us your consent. If you'd prefer us to only take one reading a month, you can email us at firstname.lastname@example.org.
Analysing your smart meter readings to offer you new products and services with your consent
If you use a smart meter and we are able to operate this remotely, we could use your smart meter readings to understand how you use your energy. For example, we could learn how to buy energy for lower prices and be able to build and offer you new products and services. We will only use your smart meter readings to do this if you have given us your consent.
If you have any questions or concerns about how we use your personal information, please email our data security team at email@example.com.
You can email us at firstname.lastname@example.org at any time to withdraw this consent.Withdrawing consent.
Cookies and analytics
A 'cookie' is a piece of information stored on your computer that records how you've used a website.
Some cookies are necessary for our website to function. Some allow us to monitor how our customers and visitors use our website, so we can make improvements to its design, layout and functionality. Some cookies recognise your computer and remember non-personal information each time you use the site, so you can just pick up where you left off each time.
We use programs such as Google Analytics to help us find out:
how many people visit our websites;
which pages are most popular;
how long people spend in each area;
what information they’re searching for.
These insights help us understand how to improve our websites.
referring sites that sent you to us
the dates and times of a visit.
This information allows us to analyse, review and improve customer experience for users of our website and mobile applications.
We also use third party analytics services like Hotjar, which is similar to Google Analytics.
It allows us to:
see where people click on a webpage;
follow mouse patterns;
track non-sensitive text that people might type into the site.
These insights allow us to analyse, review and improve customer experience for users of our website and mobile applications.
We use Facebook Pixel and Google Analytics Advertising to track the performance of our advertising campaigns and allow us to tailor the advertising you might be interested in.
Every email we send to our customers contains small gif files, also known as tracking pixels. These are tiny graphic files that contain unique identifiers that enable us to recognise when our marketing subscribers have opened an email or clicked certain links. This allows us to record each subscriber's email address, IP address, device ID, date, and time associated with each open and click for a campaign. We use this data to create reports about how an email campaign performed and to amend future campaigns based on subscriber interactions.
If you don't want us to use your cookies, you can change the settings of your browser preventing it from accepting cookies, or to notify you when a website tries to put a cookie on your computer. See www.aboutcookies.org for more information on deleting or blocking cookies.
Please bear in mind, if you do disable this function, you might not be able to use some of the products or services on our website.
You can also opt out from these third parties’ targeting through the following sources.
Google Analytics Advertising Features – visit https://www.google.com/settings/ads and adjust your personal settings.
Facebook’s interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217
Information Commissioner’s Office
We would always rather you speak to us first if you have any questions about our handling of your personal data, so we can resolve any problems as quickly as possible. However, if you are not happy with the way we have handled your data, or would like more information about your rights, you can contact the Information Commissioner’s Office, the UK’s independent authority on data privacy at ico.org.uk.
If you have any questions, requests or comments regarding this Privacy Notice or the handling of your personal data, they should be addressed to our Data Protection Officer at email@example.com