Privacy Policy

1. Introduction

Pesilience Power (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose and protect personal data about you when you use our services, visit our website, contact us, apply for services, or otherwise interact with us. It also explains your rights and how to exercise them. This policy applies to customers, prospective customers, website visitors, job applicants and other individuals whose data we process. ico.org.uk+1

2. Data controller and contact details

Data controller: Pesilience Power Ltd (registered in England & Wales, company no: [INSERT])
Registered office / postal address: [INSERT FULL ADDRESS, UK]
Data protection officer / privacy contact: privacy@pesiliencepower.co.uk or Data Protection, Pesilience Power Ltd, [ADDRESS].
You can contact the ICO for independent advice about data protection rights: https://ico.org.uk. ico.org.uk

3. Personal data we collect

We collect and process personal data necessary to provide energy supply and related services, including (where applicable):

  • Identity & contact data: name, title, postal address, email, telephone numbers.
  • Account & billing data: bank details (for direct debit), billing address, payment history, meter details (meter number, MPAN/MPRN), tariff and contract information.
  • Usage data: meter readings, energy consumption, smart meter data and associated metadata.
  • Verification & identification: date of birth, proof of identity or address (where required for credit checks or fraud prevention).
  • Marketing and communications preferences.
  • Technical data: IP address, device and browser information, cookies and analytics data when you use our website.
  • Communications: records of communications with customer services (calls, emails, chat transcripts), plus any information you provide in those communications.
  • Other data: where you apply for jobs or submit applications for schemes, we may collect additional data (CV, right to work information). Octopus Energy+1

4. How we collect your personal data

We collect data that you provide directly (e.g., when you register, switch supplier, submit meter readings, contact us), data provided by third parties (e.g., credit reference agencies, installers, network operators), and data collected automatically when you use our website and apps (cookies and analytics). For smart meters, data may be provided via meter operators or network systems. Octopus Energy+1

5. Purposes and legal bases for processing

We will only process personal data where we have a lawful basis under UK GDPR. Typical lawful bases include:

  • Performance of a contract: to provide energy supply, billing, payments, meter installation and related services.
  • Legal obligation: to comply with regulatory, tax and legal requirements (Ofgem, HM Government reporting, anti-money laundering, etc.). Ofgem
  • Legitimate interests: for fraud prevention, network and service security, improving our services, direct business communications (with an assessment to protect your rights).
  • Consent: where you have consented (e.g., marketing emails, cookies where required). You can withdraw consent at any time.
  • Vital interests or public task: where required to protect life or for public functions under law.

Where we process special category data (rare for energy supply), we will obtain explicit consent or rely on another permitted legal basis under UK GDPR.

6. Sharing and disclosure of personal data

We may share your personal data with:

  • Service providers and processors who help provide our products (billing processors, payment processors, CRM, marketing platforms, meter installers, data hosts).
  • Network operators & suppliers (for switching, meter readings and industry processes).
  • Credit reference & fraud prevention agencies (for identity checks and credit assessments).
  • Regulators and public authorities (Ofgem, HM Government, law enforcement) when required by law or regulation.
  • Third parties in connection with business transactions (e.g., sale or transfer of all or part of the business; in such event we will ensure appropriate protections).

We will only share the data necessary for the purpose and require third parties to use appropriate security measures and only process data on our instructions. Where third parties are outside the UK/EEA, we will ensure adequate protections (standard contractual clauses or equivalent safeguards). Octopus Energy+1

7. International transfers

Where we transfer personal data outside the UK, we will ensure appropriate safeguards are in place — for example, adequacy decisions, UK standard contractual clauses, binding corporate rules, or other lawful mechanisms — to protect your data. Details are available on request. Octopus Energy USA

8. Data retention

We retain personal data for as long as necessary to fulfil the purposes described (providing services, billing, legal/regulatory obligations, dispute resolution, fraud prevention). Typical retention periods: account and billing records — usually 6 to 7 years for tax and regulatory reasons; marketing opt-out records — until you withdraw consent or for a period that prevents repeated contact; recruitment data — for up to 6 months after application unless otherwise agreed. Specific retention schedules are available on request. Octopus Energy

9. Cookies and online tracking

We use cookies and similar technologies to operate our website, provide functionality, measure and improve performance, and (with consent where required) for analytics and marketing. You can manage cookie preferences via our cookie banner/settings. See our separate Cookie Policy for details. Octopus Energy

10. Security of your personal data

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, loss, misuse or alteration. Measures include encryption, access controls, staff training, and secure third-party contracts. While we take care to protect your information, no internet transmission is completely secure — if you suspect a breach, contact us immediately. Octopus Energy

11. Your rights under UK GDPR

Subject to applicable exemptions, you have the right to:

  • Request access to your personal data (subject access request).
  • Request rectification of inaccurate data.
  • Request erasure (right to be forgotten) where lawful.
  • Request restriction of processing.
  • Object to processing (including profiling) where applicable.
  • Request portability of your data in a commonly used format.
  • Withdraw consent at any time where processing is based on consent.
  • Right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk. ico.org.uk

Requests should be made using the contact details in Section 2. We will respond within statutory timescales (normally one month) or tell you if we need more information or extra time.

12. Marketing communications

Where you consent, we may contact you with marketing about relevant products and services. You can opt out at any time via unsubscribe links in emails or by contacting privacy@pesiliencepower.co.uk. For direct marketing by phone or SMS we will respect your preferences and any relevant marketing opt-out registers (e.g., the Telephone Preference Service). Octopus Energy

13. Automated decision-making and profiling

We may use automated systems to help with credit checking, fraud prevention or to personalise offers. Where automated decisions produce legal or similarly significant effects, we will inform you, explain the logic and provide a way to request human review. Octopus Energy USA

14. Children and vulnerable customers

Our services are intended for adults. We do not knowingly collect personal data from children for contracting purposes. We make reasonable adjustments and support for vulnerable customers (priority services, alternative formats) in line with industry guidance and regulatory requirements. If you require assistance, contact us at the address in Section 2. britishgas.co.uk+1

15. Complaints and enforcement

If you are unhappy with how we process your data, please contact our privacy team at privacy@pesiliencepower.co.uk or by post (address in Section 2). You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk. For complaints about industry-specific matters (billing, supply), you may also contact Ofgem or Citizens Advice and follow the supplier complaint process. Ofgem+1

16. Changes to this policy

We may update this Privacy Policy to reflect changes in law, regulation, our services, or guidance. We will publish the updated policy on our website with the revised “Last updated” date. Where required, we will notify customers of significant changes. Octopus Energy

17. Additional information and requests

For further information or to exercise your rights, contact:
Privacy Teamprivacy@pesiliencepower.co.uk
Pesilience Power Ltd, [INSERT FULL ADDRESS], United Kingdom.