09/17/2024 | Press release | Distributed by Public on 09/17/2024 04:30
This privacy notice explains how we will process the personal information of authorised representatives of installers and additional users of installers for the purposes of the Boiler Upgrade Scheme (BUS), administered by Ofgem. This privacy notice also sets out authorised representatives' and additional users' rights as data subjects.
It applies to information we process concerning:
The controller for the processing of any personal information as outlined in this privacy notice is the Gas and Electricity Markets Authority (GEMA). For ease of reference, this privacy notice refers to the administrative office of GEMA as 'Ofgem' throughout.
We will collect the following information directly from the authorised representative:
We will collect the following information directly from the authorised representatives or additional users who've been given permission to manage other users on their business's installer account, and including the:
We will also collect information directly from users who sign up to our newsletter(s), respond to our customer satisfaction (CSAT) surveys or are part of any Ofgem working group related to the BUS. We will collect and store their name and email address in order to send these to them, as well as their responses to questions posed relating to our performance in administering the scheme.
Registered users can request for their information to be removed from the newsletter distribution list at any time by clicking unsubscribe within the newsletter.
We receive information directly and indirectly when the authorised representative:
And in addition during audits or for an assurance report, we may receive information indirectly via a third party who we have contracted to undertake auditing or assurance work on our behalf. This may include further documentary evidence.
We only collect information that we need in order to carry out our functions in relation to the BUS. Our primary functions to administer the BUS include, but are not limited to:
The personal information of authorised representatives or additional users on an installer account will not be used for profiling (that is, any computerised processing which may use personal information to evaluate certain things about an individual, for example any decision relating to their registration on the BUS digital portal).
In some cases, we use data analytics software to:
In order to inform future policy development of our environmental and social schemes, authorised representatives' and additional users' information will be used to review and improve our scheme administration.
We collect BUS users' information when users:
We will process and disclosure users' personal information:
We will only share authorised representative and additional user information with the following organisations or official bodies:
DESNZ will also share users' information with its contractors or sub-contractors for these purposes.
We collect and process users' information under the 'public task' legal basis for processing, as part of our remit as the BUS administrator (UK GDPR, Article 6(1)(e)), and for purposes arising from Ofgem's functions conferred by law, including the:
We would not be able to fulfil our obligations as the administrator of the BUS without collecting and using users' information.
We may process your information for the purpose of conducting surveys. Where we do so, this is necessary for the purposes of legitimate interests pursued by us within the meaning of Article 6(1)(f) GDPR. Where you agree to participate in a survey, we will also process your information based on your consent.
The digital copies of the proof of ID and proof of home address documents authorised representatives submit will be deleted when we no longer need them for our verification purposes. We will only retain your information for as long as required.
Users' personal information is deleted when we no longer need it for our functions in administering the BUS. As such, it is retained by Ofgem for the duration of the scheme, and for a period of 7 years thereafter.
Any information users provide will not be transferred outside the European Economic Area.
Where we use cloud processing to support our data processing, the servers are located within the European Economic Area.
We hold information about BUS users who have the right to:
To see the full suite of new consumer rights available to users under UK GDPR, please refer to the Ofgem privacy policy or the ICO website.
To find out more information on how Ofgem processes personal data, please refer to the Ofgem privacy policy.
If you would like to:
The Data Protection Officer
Ofgem
10 South Colonnade
Canary Wharf
London
E14 4PU
Users of the BUS have a right to complain to the Information Commissioner.
If you want to raise a concern about how we have handled your information, you can report it direct to the Information Commissioner's Office at the following address:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Online: Live chat
We keep our privacy policy under regular review. This privacy notice was last updated on 17 September 2024.
Cookies are small files saved on users' phones, tablets or computers when they visit a website.
We use the following essential cookies to make the online BUS portal work for installers.
Name | Purpose | Expires |
.ExternalAspNetCore | Stores technical and session-specific information, including user security roles. | 24 hours |
.bus.ext.session | Stores Azure Active Directory Business To Consumer (ADB2C) user login information and session data. | 14 days |
x-ms-cpim-admin | Holds user membership data across tenants. The tenants a user is a member of and level of membership (Admin or User). | When you close your web browser |
x-ms-cpim-slice | Used to route requests to the appropriate production instance. | When you close your web browser |
x-ms-cpim-trans | Used for tracking the transactions (number of authentication requests to Azure AD B2C) and the current transaction. | When you close your web browser |
x-ms-cpim-sso:{Id} | Used for maintaining the SSO session. | When you close your web browser |
x-ms-cpim-cache:{id}_n | Used for maintaining the request state. | When you close your web browser |
x-ms-cpim-csrf | Cross-Site Request Forgery token used for CRSF protection. | When you close your web browser |
x-ms-cpim-dc | Used for Azure AD B2C network routing. | When you close your web browser |
x-ms-cpim-ctx | Context | When you close your web browser |
x-ms-cpim-rp | Used for storing membership data for the resource provider tenant. | When you close your web browser |
x-ms-cpim-rc | Used for storing the relay cookie. | When you close your web browser |
cookies.essential | Used for tracking whether or not a user has dismissed the cookie banner. | 365 days |
cookies.analytics | Used to track whether or not a user has opted into analytics, | 365 days |
With your permission, we use Google Analytics to collect data about how you use the BUS digital service. This information helps us to improve our service.
Google is not allowed to use or share our analytics data with anyone.
Google Analytics stores anonymised information about:
You can choose whether to opt in or out of them after you've signed in.
Name | Purpose | Expires |
_ga | These help us count how many people visit the BUS digital service and other government digital services by tracking if you've visited before | 2 years |
_ga_ | These help us identify and track an individual session on a user's device. | 2 years |