Privacy Policy

The Energy Desk is committed to protecting your privacy. Should we ask you to provide certain information by which you may be identified, you can be assured that it will only be used by us in accordance with this privacy policy.

This privacy policy sets out how we will protect and use your information and personal data. This includes any data you’ve provided us with, any information we have learnt during your time as a customer of The Energy Desk, any information provided to us by other parties, and your marketing preferences.

Who we are

The Energy Desk (UK) Ltd (“we”, “us”, “our”) is a data controller responsible for your data.

Contact details:
The Energy Desk (UK) Ltd
10 Venus House, Mercury Rise
Altham Industrial Estate
Accrington, Lancashire, BB5 5BY

Email: enquiries@theenergydesk.co.uk
Telephone: 03330 151 221

Data Protection Officer: Zoe Chadwick
Email: zoe.chadwick@theenergydesk.co.uk

Telephone: 03330 151 221

What data we collect

We may collect, use, store and transfer the data listed below:

Identity (name, job title, home address, date of birth)
Contact (email address, telephone number, business address)
Financial (bank details, credit vetting information, credit score, company accounts, utility contract bills and payment records)
Business (general business details, trading type, microbusiness/small business customer classification)
Public (Companies House records, accounts and confirmation statements, other publicly available information on you or the business)
Supply (copies of utility bills and energy supply agreements, consumption data, industry data, supply numbers, meter and supply details, tariff information, Meter Operator and Data Collection/Aggregation agreements)
Authority (evidence of our permitted authority, Letters of Authority (LOAs), marketing permissions)
Correspondence (correspondence exchanged with you and your business (including call recordings), with suppliers, or other relevant industry bodies and third parties in connection with your personal data)
Technical (Technical data and analytics, IP addresses, demographic data, preferences, interests, website views – See our cookie policy for additional details: www.theenergydesk.co.uk/cookie-policy-uk)

Note

Under the UK GDPR, “personal data” only includes information relating to natural persons who can be identified or who are identifiable, directly from the information in question, or who can be indirectly identified from that information in combination with other information.

Although we aim to protect all information you provide us with, whether it is considered personal data or not, please be aware that not all types of information listed in this privacy policy will be considered personal data under the GDPR. Thus, we may not be subject to the same legal protections as personal data.

How we collect your personal data

During the course of business, we may collect your personal data in the following ways:

When you provide us with your personal data
When we are provided with details/copies of your energy contracts, utility bills, etc.
When we communicate with each other by phone, email, post, instant messaging, or fax
When you visit our website (See our cookie policy for additional details: www.theenergydesk.co.uk/cookie-policy-uk)
When you sign an LOA
When we communicate with energy suppliers, third parties, industry bodies, or other authorities (including credit reference agencies, fraud prevention agencies, or companies that introduce you to us or where we have introduced you to another company)

How we use your personal data and why

Under the UK GDPR, we must apply at least one of the following lawful bases for processing whenever we handle an individual’s personal data (lawful bases are set out in Article 6 of the UK GDPR):

Consent – the person has clearly given consent for us to use their information for a specific purpose
Contract – the processing is necessary for a contract we have with the person, or because they have asked that we take specific steps before entering into a contract
Legal obligation – the processing is necessary for us to comply with the law
Vital interests – the processing is necessary to protect someone’s life
Public task – the processing is necessary for us to perform a task in the public interest
Recognised legitimate interest – the processing is necessary for one of the pre-approved purposes. These are:
- safeguarding “vulnerable” people;
- responding to emergencies;
- preventing or investigating crime;
- national security, public security and defence; and
- sharing personal information with an organisation that needs it for their public task or function at their request.
Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the person’s information which overrides those legitimate interests.

Our primary purpose in processing your personal data is to provide you with our energy management and energy consultancy services. A list of the personal data we may use is below, along with our reasons for using it and the lawful basis for processing.

Purpose	Why	Lawful basis for processing
To provide energy management and energy consultancy services	To provide the requested services to you	Contract
To tender your supply to our network of energy suppliers (or service providers, where applicable) and to provide you with price comparisons and quotes	To provide the requested services to you	Contract
To facilitate and process energy/service agreements between you and your chosen energy supplier/service provider	To provide the requested services to you	Contract
To validate your personal data against industry data and other applicable sources to ensure accuracy	To ensure the information we have been provided with is accurate, and to limit any possibility of your agreements not going live with your energy supplier/service provider	Legitimate Interests
Communicating with you about any contracts or agreements we have facilitated for you	To ensure you are aware of the key contractual terms, important dates, and tariff information.	Legitimate Interests; Contract
Contacting you about any upcoming renewals	To ensure you do not miss the opportunity to search the market for renewal offers	Legitimate Interests
Responding to enquiries and support requests	To provide the requested services to you	Contract
Improving services and internal operations	To allow us to provide consistent services and improve on our customer offering; to make internal operations more efficient	Legitimate Interests
Marketing activities and promotions	To provide you with details of other services we or another third party may be able to provide, which would be of additional benefit to you	Consent
Compliance, legal obligations and record keeping	To ensure we are abiding by our legal obligations, ISO standards, compliance requirements, etc.	Legitimate Interests; Legal Obligation
To safeguard “vulnerable” individuals, notify appropriate authorities in the event of an emergency or risk to life	To provide relevant authorities with information required to safeguard “vulnerable” individuals and notify relevant authorities where there is an emergency or a risk to a person’s life	Recognised Legitimate Interest
To identify and prevent fraud	To ensure that we are not providing services to anyone undertaking fraudulent activity, and to allow us to notify the applicable authority where it is identified	Legal Obligation; Legitimate Interests
To conduct credit searches	To search for and provide quotes that customers are eligible for based on supplier credit requirements; to identify and prevent fraud; to ensure customers are provided with the most appropriate product/tariff quotes	Contract; Legal Obligation; Legitimate Interests
Staff training	To monitor the quality of the services we provide and ensure our staff are trained to the required standards	Legitimate Interests; Legal Obligation
Call recordings	Calls to and from the company are recorded for training and monitoring purposes. Recordings are retained for 6 years in line with our legal obligations and compliance requirements	Legitimate Interests; Legal Obligation
Payment for services	To allow us to receive any management fees due from a supplier for facilitating your agreement	Contract; Legitimate Interests
To provide third parties with information about you	If you are working with us through another consultant (meaning we facilitate their services for you) or were introduced by a third party, we may need to share information with your chosen consultant or the relevant third party. This helps them provide the agreed services or allows us to inform the introducer about your agreement status. Additionally, we may handle payments of management fees to the consultant or introduction fees to third parties, as applicable.	Contract

Notes

Where multiple legal bases are provided, each service/process will operate under only one of them. These are provided to show under what legal bases the various processes in our company may function.
Where we rely on legitimate interests, our interests include:
- operating and improving our services
- maintaining customer relationships
- ensuring efficient business operations
We may also use secure IT systems, cloud infrastructure and software, and AI-assisted tools (including Microsoft 365 Copilot and Anthropic) to help process information efficiently, support analysis, and improve service delivery – further information can be found in the following sections.

Who we share your personal data with

If you talk to us or use our services, we may share your personal data with one or more of the third parties listed below.

Our associated companies: personal data may be shared for administrative purposes or to provide you with additional services offered by another of our companies, such as TED Generation (TED Generation 2 Limited).

Energy suppliers and service providers: to provide you with the services, we will, in most cases, need to share your personal data with energy suppliers (e.g., British Gas, SSE, Npower) so we can ultimately provide you with quotes and facilitate any agreed contracts. Personal data may be shared with other service providers (e.g. Meter Operators, Data Aggregators/Collectors, Energy Infrastructure providers/contractors) to provide you with other services as part of our offering, such as Meter Operator contracts and site/infrastructure works.

Industry bodies: to provide you with services or to fulfil legal obligations and compliance requirements, we may be required to share your personal data with relevant industry bodies (e.g., Ofgem, The Energy Ombudsman, Distribution Network Operators, ECOES, Xoserve, and the Retail Energy Code).

Critical service providers: to provide us with necessary advice, legal support, and business services, we may process personal data with third parties that provide us with these critical services (e.g., IT providers, solicitors, accountants, business consultants, ISO consultants, web hosts, cloud storage providers, AI service providers operating as sub processors).

Advertisers and marketing agencies: where permitted, we may share your personal data with agencies we have contracted with to provide marketing services or social media management/advertising. Only limited information is provided, and only where consent is received for such a purpose.

Third Party Consultants/Introducers: If you are working with us through another consultant (meaning we facilitate their services for you) or were introduced by a third party, we may need to share information with your chosen consultant or the relevant third party. This helps them provide the agreed services or allows us to inform the introducer about your agreement status. Please ensure you consult your appointed consultant’s privacy policy, as in such cases, the relevant third party will act as the data controller and their privacy policy will apply.

Other third parties and sub processors: We may also use third parties and other sub processors to enable us to provide you with services, efficiently manage our business, support administrative efficiency, or comply with legal or other contractual obligations. These third parties are under contractual obligations to safeguard your data and use any personal data they are provided with for the sole purpose for which they have been provided the information. A list of the largest third parties we may use is listed below:

Signable – electronic signature software to facilitate contract/document signing
Adobe – document software
AWS/GCP – cloud storage/cloud computing services
Microsoft (including Copilot and Anthropic) – Secure business and productivity tools/software (including communication tools, Microsoft Office Suite, IT systems, administration software, and AI tools
Experian – credit checking tools
Xero – accountancy software
Citation ISO – ISO accreditation consultants
Retail Energy Code – ECOES/Xoserve industry data providers (industry body)

Some of our service providers operate internationally. This means your personal data may be transferred and processed outside the UK or the European Economic Area. Where this happens, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses (SCCs), UK International Data Transfer Agreements (IDTAs), Transfers to countries with adequacy regulations) to ensure that your data receives an equivalent level of protection.

Use of technology and systems

We use secure IT systems, cloud platforms, and productivity tools (including Microsoft 365 services such as Copilot) to process personal data.

These tools may be used to analyse and organise information, support customer service and internal processes, process information efficiently, and improve service delivery. When using these tools, we ensure that human oversight is maintained, AI tool outputs are verified for accuracy, and appropriate contractual and security measures are in place to protect personal data.

Retention periods of your personal data

We retain personal data for only as long as necessary:

Customer and contract data: typically up to 6 years after the relationship ends
Legal and compliance records: retained in line with legal obligations
Marketing data: until consent is withdrawn or deemed inactive

Retention periods may be extended where required by law or for legitimate business purposes.

Your legal rights

Under the GDPR, you have the following rights in relation to your personal data (“personal data” only includes information relating to natural persons who can be identified or who are identifiable, directly from the information in question, or who can be indirectly identified from that information in combination with other information):

Right to be informed: Individuals have the right to be informed about the collection and use of their personal data.
Right of access: Individuals have the right to access and receive a copy of their personal data and other supplementary information.
Right to rectification: The UK GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.
Right to erasure: The UK GDPR introduces a right for individuals to have personal data erased.
Right to restrict processing: Individuals have the right to request the restriction or suppression of their personal data.
Right to data portability: The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
Right to object: The UK GDPR gives individuals the right to object to the processing of their personal data in certain circumstances.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you would like to exercise any of your rights under the GDPR, please contact the Data Protection Officer using the contact details included in this notice.

Complaints

If you are unhappy with the way we are using your personal data, you can also complain to the UK Information Commissioner’s Office (www.ico.org.uk/make-a-complaint).

We are here to help and encourage you to contact us to resolve your complaint first. You can request a copy of our complaints procedure using the contact details set out in this notice, or view it on our website at www.theenergydesk.co.uk/customer-complaints-procedure.

Cookie Policy

Please see our separate cookie policy here: www.theenergydesk.co.uk/cookie-policy-uk.

Changes to this notice

We may update this notice from time to time. The latest version will always be available on our website at www.theenergydesk.co.uk/privacy-policy.

v2.0_09.06.2026