Our priority at E.ON is keeping your data secure and treating it with respect. We aim to handle your data fairly and lawfully at all times. We're also committed to being transparent about what we do. This statement explains how we collect, use, transfer and store your personal data. We know that there's a lot of information here, but it's important that you understand your rights as a customer. We've tried to make it as easy as possible to navigate through by including headings you can click on, which then expand to show more information.
It's likely that we'll update this notice from time to time in order to reflect changes in the law and/or to our privacy practices, but we'll notify you of any significant changes. Our website will always show the most up to date version. You can request a paper copy, including large print or braille, by contacting us. This policy was last updated on the 1st of June 2021.
This policy explains how and why we process your data. If you have a specific product or service from us, listed in the product and services section. We've also provided more information as to how we may use your data and the reasons why (click on the relevant topic). This supplements the information given in an attempt to be as transparent as possible, it doesn't replace anything in this or other privacy policies which may be applicable to the service or product you have.
E.ON is the 'Data Controller' for your personal data. This means we have legal responsibility for how we collect and handle your data.
We refer to 'E.ON' in this statement. This means E.ON UK plc, and the companies owned by E.ON UK plc who provide energy and related products and services. E.ON UK plc is part of the E.ON group, one of the world's largest power and gas companies.
The address and registered office of E.ON is Westwood Way, Westwood Business Park, Coventry, CV4 8LG.
In 2019, E.ON's parent company acquired a majority shareholding in Innogy SE who are the parent company of the Npower group and its subsidiaries in the UK.
This policy also applies to Npower Commercial Gas Limited (3768856) customers' data.
As our products and services may be provided to you by different companies within our group, it may be that your personal information is passed to the relevant group company or companies. You can find out more about E.ON on our website or about npower on the npower website.
- Customers and prospective customers;
- Individuals, sole traders, partnerships and companies (to the extent that the relevant company provides us with any personal data - for example employee names and email addresses);
- People we wish to promote products and services to;
- People who contact us on social media;
- People who visit our website;
- People who have responsibility for managing, or being a point of contact, for another person's account.
Data we process about you includes:
Personal data: Such as your name, address, date of birth, and other contact details such as your email address and telephone number.
Vulnerability information: Such as health or disability issues. Having this data helps us provide you with the right services for you and to ensure your safety.
Financial information: Such as your payment details and financial circumstances. We need your bank details if you want to pay by Direct Debit. If you have difficulty paying our bills, providing details of your circumstances helps us work with you to resolve this.
Information about your supply: Such as your meter reference numbers and meter type. This ensures we are linking you with the right meter and helps to keep industry databases accurate.
Energy you use: Such as your energy use and property occupation dates. If you have a smart meter, we will take consumption data directly from your meter. You have a contractual obligation to provide us with details of your energy usage, as we need this to send you accurate bills. If we have to estimate your bills, you may not be paying the right amount for your energy.
Records of conversations/interactions with us: Such as records of your discussions with our customer support teams, including call recordings, webchat and emails for training and monitoring purposes. When you share comments and opinions with us, ask us questions or make a complaint we may keep a record of this. This includes when you send us emails, phone our support team or contact us via webchat or through social media such as through Twitter or on Facebook. Some of our staff may also wear body worn video equipment.
Marketing preferences: We will record your advertising and marketing preferences including any requests for these communications to stop.
Exercising your rights: If you exercise any of your statutory rights under data protection law, we will keep a record of this and how we respond.
Device and machine information: Your smartphone or computer's IP address may tell us an approximate location when you connect to our website, but this will be no more precise than the city, state or country you are using your device in.
Lifestyle and demographic insight information: Information about how you use our services and other information about your demographic in order for us to offer you personalised energy products and services.
Company data: With regards to companies, data such as names, phone numbers and email addresses of representatives of your company.
Data such as your name and contact details may be provided to us by people moving in or out of a property you're occupying, or a landlord/estate agent.
Metering and debt information can come from other organisations involved in supplying your energy and other services, such as other energy suppliers, meter operators, third party collection agencies and Credit Reference Agencies
Energy brokers and comparison platforms like MoneySuperMarket will send us the details we need to contact you and set up an account for you.
Publicly-accessible data is available from sources such as the Land Registry, who can provide up to date information about properties we supply energy to.
Information such as additional contact details, home moving status and other information about your circumstances, including lifestyle and demographic data can be provided by councils, postal services, third party collection agencies and data brokers.
Information about energy saving installations can be provided by installers and managing agents.
Information about your use of home energy solutions can be provided to us by those companies who provide the service to you.
We can only use your personal information in compliance with data protection laws. Those laws require that where we use your personal information, we must have the required legal basis to do so.
Set out below are the different legal bases we use in E.ON as well as examples of the types of processing we carry out:
Legal basis for processing: Performance of a contract with you or in readiness for such a contract.
Processing activities: (purpose)
Some examples include:
- To assess your needs, provide you with a quotation and agree a contract with you.
- To set up your account with us, secure energy availability, apply the correct pricing, process consumption data, calculate charges and send invoices.
- To process payments, refunds and set up payment plans.
Legal basis for processing: Consent
Processing activities: (purpose)
Where you have provided consent, we will rely on that to process your information for the purposes set out at the time that the request for consent was made.
You can change that consent at any time by contacting us.
If you have any vulnerabilities, we'll ask for your explicit consent before we add your details to our Priority Services Register and share with the relevant network operator. This enables us to take extra steps to ensure your safety and offer you additional services.
Promotion of products and services
We'd like to use your personal data to communicate with you by email, text, letter, telephone, social media and via our website
With your consent, we will tell you about products and services, promotions, tailored special offers and discounts that we think are likely to interest you. If you've given us permission to send you marketing information, we will respect your choices as to how you would like to receive this.
We may send you letters or call you without your prior agreement when we have a legitimate interest in doing this- please refer to legitimate interest section.
Smart Half Hourly data
Please see our smart metering information.
Legal basis for processing: Legal obligations
As an energy supplier we have various rules and obligations we must abide by. The majority of these are set out in our licence to operate which is regulated by the Office of Gas and Electricity Markets (Ofgem). There are numerous other regulatory and legal obligations that as a business we must follow.
Processing activities (purpose)
Some examples include:
Regulatory reporting is a legal requirement we have to do and will involve us processing your data for this purpose.
Managing your complaint or dispute will require us to process your information and in certain circumstances require us to share it with bodies like the 'Energy Ombudsman'.
Our obligation to try and install a smart meter will require us to process your data for this purpose. Please refer to Smart section for more information on how we use your smart data.
Orders made by a Court, for example where we are ordered to disclose information to law enforcement agencies.
Legal basis for processing: Legitimate interest
Where we or someone else has a legitimate interest, we'll ensure that our interest has been balanced against your rights and freedoms as an individual.
Processing activities (purpose)
Some examples may include:
- We may want to use your details to contact you about your account, to discuss things such as unpaid bills or to check information relating to your energy supply.
- We may want to pass your information to organisations we work with who deliver a service for us, such as third parties we contract with directly to help us deliver services such as take meter readings or print agencies. (see who we share your data with)
- Advertising organisations including social media and entertainment service providers, which allows them to provide you with more relevant adverts.
- For good governance, accounting, managing and auditing our business operations so that our business is effective and performs well.
- Monitoring and recording our dealings with you, for example to prove you've agreed a contract with us, to help train our staff, or to help us give better service.
- To manage our bad debt risk, including:
- Taking legal action against you if you do not pay our bills, because we are entitled to try and enforce our rights,
- Performing credit and anti-fraud checks to assess your application for credit and offer suitable payment terms.
- Analysing your consumption so that we can offer you tariffs that suit your circumstances and give you tailored energy efficiency advice to help you save money.
- Aggregating your consumption with similar properties in your area so we can provide an accurate comparison tool for you and other customers.
- To develop, test and improve the products and services we provide. For example, lifestyle and demographic insight information to assess which of our products and services that may be of interest to you. This includes matching your data with data we obtain from other companies, for example, so that we do not advertise to you about a third party product or service that you already have.
- To provide you with incentives or run a loyalty scheme, and to maintain our Refer a Friend Programme.
- For research and insight purposes, to enable us to provide good customer service and how we might improve our products and services. In some circumstances we (or our partners) may use your contact details to ask you for your opinion of a service or interaction you have had with us to help us monitor and improve in the future.
- For the prevention, detection and prosecution of fraud or other unlawful acts which could harm our business.
There are various circumstances where we may need to share your data with other people or organisations. These are:
- Our parent company and other companies in the E.ON Group and/or npower Group who may be involved in the provision of services to you.
- Energy market administrators such as Xoserve for gas, ECOES for electricity and the Meter Point Administration Service, as we may need to check that your meter is correctly registered against your address.
- Network Operators, for example so they can keep you informed about disruptions and reconnections to your energy supply if there's a loss of supply, an emergency or an event happening that will cause disruption to your energy supply.
- Agents and sub-contractors appointed by us to facilitate our contract with you, such as Meter Operators and Data Collectors.
- Third-party IT suppliers who provide and/or help us operate our IT systems. For example, to carry out diagnostics or troubleshooting work.
- If you have a smart meter, Smart DCC Ltd, who manage the data and communications network connecting smart meters to us and other industry suppliers, to ensure consistency between suppliers.
- Network Providers who provide Home Area Network services to some smart metering customers, to enable these services to be provided.
- Energy suppliers and other organisations to deal with a switch between suppliers.
- When changing supplier, if you have a Prepayment meter, we may share debt information between suppliers as part of this process.
- Other energy suppliers, landlords or housing associations if we or another organisation suspect the property is connected with fraud or theft. We also contribute to the Theft Risk Assessment Service operated by Experian.
- Agents appointed by Ofgem to test meters suspected of being faulty.
- Other people you have authorised us to share data with, such as family members, energy brokers, solicitors and debt management companies, so we can fulfil your requirements.
- Debt collection agencies and other organisations assisting us with debt recovery (for example, bailiffs, courts, private investigators and our solicitors).
- Social services, the Police, distribution services or other similar agencies if we think you need extra emergency help.
- The administrators of our Energy Fund grants, if you apply to them for help payment your bills.
- Organisations giving you a service (for instance Green Deal), helping you compare your energy use with similar households or offering you rewards to assist you.
- Market regulators such as Ofgem and consumer protection organisations such as the Energy Ombudsman, where we are obliged to do so under regulations.
- Law enforcement organisations working on the detection, investigation and prevention of crime and enforcement of legislation.
- Commissioning and installation contractors for installations such as solar panels, batteries and insulation, and HIES, the consumer protection organisation covering the installation of renewable energy products
- Financial organisations for purposes such as payment processing, and refunds.
- If you apply for Affordable Warmth-funded measures, the Energy Saving Trust and Department for Work and Pensions to confirm whether you're entitled to the assistance and other necessary contractors to carry out the surveys, work etc.
- Finance providers if you require a loan to pay for energy saving measures.
- Manufacturers and suppliers of energy efficiency measures who provide energy saving measures and are working for you.
- Organisations which offer referral and reward schemes on our behalf, and/or organisations which offer you cash back for joining us.
- If you want to register or transfer your Generation Unit(s) under either the FiT or SEG schemes, we will share your data with the Department for Business Energy and Industrial Strategy, our regulator Ofgem and other FiT/SEG licensees. We also share your data with service partners we engage to assist us with things like IT, telephony, bulk mailing, and mobile app platforms.
- Advertising organisations including social media and entertainment service providers to show you advertising about our products and services.
- Our marketing partners who we work with. These organisations may enhance or match the data we hold or carry out activities on our behalf.
- If you have E.ON Home with us, information about your use of home energy solutions can be provided by those companies who provide the service to you.
- If you have solar panels or battery storage with us and you wish to pay for your installation using our finance options, we will share your details with the lender. We will also need to transfer data to the provider of your solar and/or battery inverter(s) for the purposes of providing you with access to monitoring platforms such as E.ON Home or those provided by the inverter manufacturer.
- When we share your personal data with third parties, we enter into contracts to ensure your personal data is kept secure, is only used for the defined purpose, and is then deleted in accordance with our data retention requirements.
- When you join us, buy an additional product or service or set up a Direct Debit for the first time, we’ll share your details with one or more CRAs to check your identity and see if you may have any problems paying your bills. This means that we’ll share your personal data with them, and they’ll give us information about you so we can be sure about who we have a contract with and see if you might have problems paying your bills.
- We may also tell Credit Reference Agencies (CRAs) how you're managing your account and whether you owe us any money. They might share this data with others to help them make informed lending decisions. For more information, view the Credit Reference Agencies section.
We may use automated decision making, including profiling. This involves processing your personal data without human intervention to evaluate your personal situation such as your economic position, personal preferences, interests and behaviour, for instance in relation to transactions on your account. We may do this for the following reasons:
To produce statistics for analysis purposes;
To identify what marketing offers are likely to interest you the most. This should ensure you only see offers that are relevant to you, but may mean you don't see everything that we offer;
To assess your credit risk. Factors such as your payment history will determine what action we take to ensure our bills are paid.
The rationale behind making a decision or building a profile about you will differ in each case but generally we will use what we know about you, your household and your account history and combine this with demographic and general trend data.
All this activity is on the basis of our legitimate interests in improving our business, tailoring our services and the offers we make and developing and innovating our products and services which we can offer to you.
We have accounts on most major social media channels and use their 'public' platforms to manage our social media interactions.
We don't have any control over how these companies use any data shared with us through their services, and we recommend you review their privacy notices yourself. We'd also remind you that any information you post publicly is visible to anyone.
If we know you're an E.ON customer and you send us personal data using a private or direct message via social media, that data will be stored along with your other account records in line with our standard data retention period.
If you send us personal data via Facebook Messenger to enable us to give you a quote for a potential energy supply, we'll delete the relevant messages from Messenger, but they will still be available to you and Facebook unless you also delete them.
If we collect or handle your personal data, you have rights as an individual which you can exercise in relation to the information we hold about you.
If you'd like to express one of your rights, please email CustomerRightTeam@eonenergy.com
Right of access to your personal data
You can find out if we hold any personal data about you, and access that data, by making a ‘subject access request’ under the Data Protection Act 2018 and the UK General Data Protection Regulation. If we do hold your personal data, we will provide you with a copy and information about what we do with it. Unless you ask us to provide it in a different way, we will email this to you where you have given us an email address.
You can request access to our data by using any of the methods on our contact us page.
If you have an account with us, we will retain your personal data for seven years following the end of our contractual relationship with you (which might be when your account closes or when we have issued your final bill.) There may be circumstances when we need to keep it for longer, for instance, if you are on a long-term payment plan or to meet our legal obligations. We will delete it as soon as we have no need to keep it further or put it "beyond use". Beyond use means we will not use your personal data to inform any decisions, we will not give access to any other organisation and will delete as soon as this becomes possible.
If we hold your data for any other reason, we will delete it as soon as we no longer have a valid reason to retain it.
When you log in to your online account or ask us for a quote, our website pages are secure, which means all the personal details you type in are encrypted before they’re sent to us.
We store and use all personal information securely, so it can't be read by anyone who doesn't need to see it.
When you get in touch with us, we'll ask you a couple of security questions before we share any personal details, just to check it's you. We will never give out your personal data such as name, address, DOB when you speak to us, we will only confirm it back to you.
When we use other organisations to help us provide services and manage your account, we have appropriate contracts in place, which limits their use of your data to only what we have asked them to do. We provide only the information they need to perform their specific services and we work closely with them to ensure that your privacy is respected and protected at all times. If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
The Brexit transition period ended on 31 December 2020. As part of the new trade deal, the UK have entered into at least four months period (extendable to six if needed) where international transfers of data will continue as before.
Data protection laws allow us to transfer personal data to organisations in countries within the European Economic Area (EEA), as those countries are deemed to have adequate controls and safeguards in place to protect your data.
We may transfer your personal data to an organisation in a country outside the EEA, in which case we will only do so where the European Commission has declared that the receiving country has an adequate level of protection, or we have a contract in place which includes appropriate data protection clauses requiring that your data is handled to the same standards as we uphold.
Credit reference agencies
When you join us, buy an additional product or service or set up a Direct Debit for the first time, we'll share your details with one or more Credit Reference Agencies (CRAs). This means that we'll share your personal data with them, and they'll give us information about you so we can be sure about who we have a contract with and see if you might have problems paying your bills.
We may also tell CRAs how you're managing your account and whether you owe us any money. They might share this data with others to help them make informed lending decisions.
CRAs can also help us try to trace you if you have moved and we owe you money or you owe us money. They may also provide information to us if you do not tell us that you are a new owner or occupier of an address we supply, so that we can take steps to get in touch and set up an account with you.
More information is set out in a Credit Reference Agency Information Notice (CRAIN) which describes how the three main CRAs (Experian, Equifax and TransUnion) share and use personal data. This is available from all three CRAs and displayed on their websites. You can also find the information here. If you would like to find out more details about our credit checking process please see our FAQ's below.
What's a Credit Reference Agency?
Credit reference agencies (CRAs) collect and maintain information on consumers' and businesses' credit behaviour on behalf of organisations in the UK.
What's a fraud prevention agency?
Fraud prevention agencies (FPAs) collect, maintain and share, information on known and suspected fraudulent activity. Some CRAs also act as FPAs.
Why do you use them when I’ve chosen to switch to E.ON?
Although you've chosen to switch to us, we’ll check our own records and contact CRAs to get information on your credit behaviour with other organisations. This'll help us make the best possible assessment of your financial situation before we make a decision. We'll do this in a secure and responsible manner, in line with industry standards.
Where do they get their information from?
- From publicly available information such as:
- The Electoral Register from Local Authorities.
- County Court Judgments from Registry Trust.
- Bankruptcy (and other similar orders) from the Insolvency Service.
- Fraud information may also come from FPAs.
- Credit information comes from information on applications to banks, building societies, credit card companies etc. and also from the behaviour of those accounts.
How will I know if my information is being sent to a CRA or FRA?
You’ll be told when you apply for an account if your application data is to be supplied. The next section will tell you how, when and why we’ll search at CRAs and FPAs and what we’ll do with the information we obtain from them. We’ll also tell you if we plan to send your payment history information on you or your business, if you have one, to CRAs. You can ask at any time for the name of CRAs and FPAs.
Why is my data used in this way?
We and other organisations want to make the best possible decisions we can, in order to make sure that you, or your business, will be able to pay us for the energy you use. Some organisations may also use the information to check your identity, check for outstanding debt, and to ensure that there is no evidence of fraudulent activity within your credit history. We'll always use this information securely, for the purposes it is intended, and won’t use it for marketing purposes.
In this way we can ensure that we all make responsible decisions. At the same time, we also want to make decisions quickly and easily and, by using up to date information, we’re able to make the most reliable and fair decisions possible.
Who controls what agencies are allowed to do with my data?
All organisations that collect and process personal data are regulated by the Data Protection Act 2018 and the UK General Data Protection Regulation, overseen by the Information Commissioner’s Office (ICO). All CRAs are in regular dialogue with the Commissioner. Use of the Electoral Register is controlled under the Representation of the People Act 2000.
Can anyone look at data held by CRAs?
No, access to your information is very strictly controlled and only those that are entitled to do so may see it. Usually, that will only be with your agreement or (very occasionally) if there is a legal requirement.
Will my data be used for crime prevention?
We may share your data with other organisations for the detection and prevention of crime. Your information will always be processed securely and in line with data privacy laws.
What we'll do
1. When you apply to us to open an account, we'll:
a) Check our own records for information on:
i) Your personal accounts;
ii) and, if you've got one, your financial associates' personal accounts;
iii) if you're an owner, director or partner in a small business we may also check on your business accounts.
b) Search at credit reference agencies (CRAs) for information on:
i) Your personal accounts;
ii) and, if you're making a joint application now or have ever done the following, we'll check your financial associates’ personal accounts as well: - previously made joint applications - have joint accounts - are financially linked;
iii) if there's insufficient information to enable us to assist you, occasionally we may also use information about other members of your family;
iv) if you're a director or partner in a small business we may also check on your business accounts.
c) Search at fraud prevention agencies (FPAs) for information on you and any addresses at which you've lived and, on your business (if you've got one).
2. What we do with the information you supply to us as part of the application:
a) Information that's supplied to us will be sent to the CRAs.
b) If you're making a joint application or tell us that you've a spouse or financial associate, we'll:
i) search, link and/or record information at CRAs about you both;
ii) link any individual identified as your financial associate, in our own records;
iii) take both your and their information into account in future applications by either or both of you;
iv) continue this linking until the account closes or is changed to a sole account and one of you notifies us that you're no longer linked, so you must be sure that you have their agreement to disclose information about them;
c) If you give us false or inaccurate information and we suspect or identify fraud, we'll record this and may also pass this information to FPAs and other organisations involved in crime and fraud prevention.
d) We may also use your data to offer you other products and services if you have given your permission.
3. With the information we obtain we’ll:
a) Assess this application to make a decision on products and services that we offer you.
b) Check details on applications for credit and credit related or other facilities.
c) Verify your identity and the identity of your spouse, partner or other directors/partners and/or;
d) Undertake checks for the prevention and detection of crime, fraud and/or money laundering.
e) We may use scoring methods to assess this application and to verify your identity.
f) Manage your personal and/or business account (if you have one) with ourselves.
g) Undertake periodic statistical analysis or testing to ensure the accuracy of existing and future products and services.
h) Any or all of these processes may be automated.
4. What we do when you have an account:
a) We'll give details of your personal and/or business account (if you've got one), including names and parties to the account and how you manage it/them to CRAs.
b) If you don't repay your bill in full, on time, or as arranged we'll tell CRAs.
c) We may make periodic searches of our own group records and at CRAs to manage your account with us. We may make periodic searches of our own group records and at CRAs to manage your account with us. This may include obtaining your financial information from CRAs, this may include but is not limited to: credit utilisation, mortgage information, defaults on credit accounts, fraud indicators and residency indicators. This data is used to support the implementation of appropriate debt prevention and collection strategies to mitigate our bad debt risk. This may include but is not limited to: supporting setting up sustainable payment arrangements, identifying and supporting customers facing financial vulnerability and implementing pre-delinquency measures. If you do not want us to obtain this information, please contact us. We may also check at FPAs to prevent or detect fraud.
d) We may also check at FPAs to prevent or detect fraud.
e) If you don't make payments that you owe us, we'll trace your whereabouts and recover debts
What CRAs and FPAs do
5. When CRAs receive a search from us, they will:
a) Place a search "footprint" on your credit file whether or not this application continues. If the search was for a credit application, the record of that search (but not the name of the organisation that carried it out) may be seen by other organisations when you apply for credit in the future.
b) Link together the records of you and anyone that you have advised is your financial associate including previous and current parties. Links between financial associates will remain on your and their files until such time as you or your partner successfully files for a disassociation with the credit reference agencies.
6. They supply to us:
a) Credit information such as previous applications and the behaviour of the accounts in your name and of your associates (if there's a link between you – see 1b above) and/or your business accounts (if you've got one).
b) Public information such as County Court Judgments (CCJs) and bankruptcies.
c) Electoral Register information.
d) Fraud prevention information.
7. When information is supplied by us, to them, on your accounts:
a) CRAs will record the details that are supplied on your personal and/or business account (if you've got one) including any previous and subsequent names that have been used by the account holders and how you/they manage it/them.
b) If you don't repay in full, on time, or as arranged, CRAs will record the outstanding debt.
c) Records shared with CRAs remain on file for six years after they're closed, whether settled by you or defaulted.
d) If we owe you monies and are unable to contact you, we may use this information to trace you and credit any monies owed.
8. How CRAs won't use your data:
a) It won't be used to create a blacklist.
b) It won't be used by the CRA to make a decision.
9. How CRAs will use your data:
a) The information which we and other organisations provide to CRAs about you, your financial associates and your business (if you've got one) may be supplied by CRAs to other organisations and used by them to:
i) Prevent crime, fraud and money laundering by, for example, checking details provided on applications for credit and credit related or other facilities;
ii) Check the operation of credit and credit-related accounts;
iii) Verify your identity if you or your financial associate applies for other facilities;
iv) Make decisions on credit and credit related services about you, your partner, other members of your household or your business;
v) Manage your personal, your partner's and/or business (if you've got one) credit or credit related account or other facilities;
vi) Trace your whereabouts and recover debts or refund credits that we may owe you;
vii) Undertake statistical analysis and system testing.
10. How your data might be used by Fraud prevention agencies:
a) The information which we provide to the FPAs about you, your financial associates and your business (if you've got one) may be supplied by FPAs to other organisations and used by them and us to:
i) Prevent crime, fraud and money laundering by, for example;
- Checking details provided on applications for credit and credit related or other facilities;
- Managing credit and credit related accounts or facilities;
- Cross checking details provided on proposals and claims for all types of insurance;
- Checking details on applications for jobs or when checked as part of employment.
b) Verify your identity if you or your financial associate applies for other facilities including all types of insurance proposals and claims.
c) Trace your whereabouts and recover debts that you owe.
d) Conduct other checks to prevent or detect fraud.
e) We and other organisations may access and use from other countries the information recorded by FPAs.
f) Undertake statistical analysis and system testing.
11. Other purposes
Your data may also be used for other purposes for which you give your specific permission or, in very limited circumstances, when required by law or where permitted under the terms of the Data Protection Act 2018 and the UK General Data Protection Regulation.
12. Offer products
Your data may also be used to offer you other products, but only where permitted.
How to find out more
You can contact the CRAs currently operating in the UK: the information they hold may not be the same so it's worth contacting them all:
Transunion, Consumer Services Team, One Park Lane, Leeds, LS3 1EP or call 0330 024 7574.
Equifax Ltd, 6 Wellington Place, Leeds, LS1 4AP or call 0113 380 8000.
Experian, Consumer Help Service, PO Box 8000, Nottingham, NG80 7WF or call 0870 241 6212.