Smart DCC Limited (DCC) is the ‘controller’ of your personal data in relation to our Switching Services for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). Information about our non-switching activities is set out in our DCC main privacy notice here.
This Switching Services Privacy Notice ("Privacy Notice") explains what DCC’s role is, how we collect, use and share personal data about you in relation to our Switching Services, and how you can exercise your data protection rights under the UK GDPR. This Privacy Notice only applies to personal data that we collect and use in relation to our Switching Services and for which we are responsible for as a controller. This includes information about consumers who want to switch their energy provider, as well as information about business contacts that DCC interacts with in relation to the Switching Services for business purposes.
The Privacy Notice will outline what types of personal data will be collected and how it is used but please note that the personal data we collect will not enable us to directly identify by name any customers of the gas and electricity (‘energy’) suppliers which will have implications on the extent to which we can exercise our obligations under the UK GDPR, in particular in relations to Data Subject Rights requests.
DCC is a wholly owned subsidiary of Capita plc. As a licensee of the Department of Energy Security and Net Zero (DESNZ) we are regulated by the Smart Meter Communications Licence ("DCC Licence") which is overseen by the Office of Gas and Electricity Markets ("Ofgem").
Under the DCC Licence, we are also required to comply with the Smart Energy Code (“SEC”), which is administered by the Smart Energy Code Administrator and Secretariat; and the Retail Energy Code ("REC"), the delivery of which is managed by the REC Code Manager. Under the above regulatory documentation, DCC is responsible for developing key technology that will facilitate smarter and more streamlined energy switching. DCC is also responsible for establishing and managing the data and communications network to connect smart meters to the business systems of energy suppliers, mobile telecommunication network operators and other authorised service users of the network.
About the Switching Services and DCC's role in delivering Switching Services
In February 2015, Ofgem published a decision to implement a programme for fast and reliable switching between energy suppliers by using a centralised registration service. The purpose of this programme was to enable simple, streamlined and efficient switching between suppliers to the benefit of consumers. DCC is responsible for providing various services in relation to this programme (the Switching Services). In particular, DCC provides the following services in relation to the Switching Services:
Central Switching Service ("CSS")
DCC is responsible for managing and processing switching requests made on behalf of consumers. This is the core service that DCC provides in relation to the Switching Services.
CSS works as follows: a consumer initiates a switch request ("Switch Request") to indicate that they want to move to a new energy provider ("New Provider"), usually via an energy supplier website or price comparison website. This request is sent to DCC by the New Provider. DCC then contacts the consumer's old energy supplier ("Old Supplier") to notify it of the Switch Request. At this point, the Old Supplier has an opportunity to object to the Switch Request, if it has a legitimate ground to do so. If there is no objection, the Switch Request will be approved and the switch will go ahead. If there is an objection, the Switch Request will be denied and the New Provider will communicate why this has happened to the consumer, so the issue can be resolved and a new Switch Request can be initiated.
As part of CSS, DCC will also act as the holder of the "single version of truth" in relation to consumer address and energy supply data (the "Central Address Service"). Specifically, DCC will carry out cleansing activities and other accuracy measures to ensure that it holds the most accurate and up-to-date version of consumer address data. DCC then shares this information with relevant energy suppliers, to ensure that these parties hold the correct address data following a Switching Request. As well as sharing information with energy suppliers, information from the Central Address Service is also shared with other energy sector parties (for example organisations that like DCC are stewards of databases – such as for smart metering purposes). This is so that more accurate and up to date information held in the Central Address Service can cascade to other databases used by the energy sector to deliver their services.
Switching Service Management System
This is a support service for CSS. In providing SO, DCC is responsible for acting as a single point of contact to provide a mechanism for the energy suppliers to resolve technical issues and other service related issues with the CSS.
Switching Systems Integration Service ("SI")
This is a support service for CSS. In providing SI, DCC is responsible for general systems integration so as to enable switching requests from consumers. DCC must ensure that this integration complies with its obligations under the Retail Energy Code.
Switching Systems Assurance Service ("SA")
This is a support service for CSS. In providing SA, DCC is responsible for assurance services - to feedback to Ofgem periodic assurance reports and inputs about key milestones that have been achieved in relation to the Switching Services.
What personal data does DCC collect about you and why?
Depending on who you are, we will collect the following personal data about you in connection with the Switching Services:
Lawful basis for processing your personal data
DCC collects and processes your personal data to comply with its legal obligations under its DCC Licence. DCC is subject to express obligations in the DCC Licence in relation to the Switching Services. The Licence was granted to DCC under statutory powers of the Secretary of State and Ofgem.
Who does DCC share my personal data with?
We will disclose your personal data to the following categories of recipients:
- Third party energy companies or companies in the energy industry who are parties to the Smart Energy Code, Retail Energy Code (including the REC Code Manager and REC Performance Assurer), or who are otherwise involved in facilitating or enabling the Switching Services, or process personal data for purposes that are described in this Privacy Notice. This will include: energy suppliers, Meter Point Administration Service, Electricity Enquiry Service ("EES"), distribution network operators, gas transporters, UK Link, the Balancing and Settlement Code Company (BSCCo) Data Enquiry Service, Meter Asset Provider, equipment managers and price comparison websites. Each of these parties will act as a separate controller, so we recommend that you review their privacy notices for further information in relation to their activities and how they will use your personal data.
- Group companies or third party services providers who provide services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of the Switching Services). The following entities are key service providers to us for the purpose of providing the Switching Services:
- To any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
How does DCC keep my personal data secure?
We use appropriate technical and organisational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data. Specific measures we use include encryption of the personal data in transit and in storage across CSS and SO, authentication of messages and, in relation to privileged users of critical aspects of our Switching Services, two factor authentication. The CSS is also certified against ISO/IEC 27001.
International data transfers
The CSS is based in the UK. However, your personal data will be transferred to, and processed in, countries other than the country in which you are resident. These countries will have data protection laws that are different to the laws of the UK (and, in some cases, may not be as protective).
Specifically, our website servers are located in the UK, but our group companies and third party service providers and partners operate around the world. This means that when we collect your personal data it will processed in those other countries.
However, we have taken appropriate safeguards to ensure your personal data remains protected in accordance with this Privacy Notice. These includes implementing the European Commission’s Standard Contractual Clauses for transfers of personal data outside of the European Economic Area.
We retain personal data we collect from you for the duration of providing the Switching Services. When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. We will retain personal data in our archives for no more than seven years before it is deleted.
Your data protection rights
You have the following rights under the UK GDPR:
- You can access, correct, update or request deletion of your personal data.
- In addition, you can object to processing of your personal data, ask us to restrict processing of it or request transfer of your personal data.
- You have the right to complain to the Information Commissioner’s Office (ICO) about our collection and use of your personal data.
Further details on your data protection rights and how to complain to the ICO can be found on their website:
You can exercise your data protection rights by contacting us using the contact details provided at the end of this Privacy Notice.
You can find other helpful information about our Switching Services here:
Updates to this Privacy Notice
We will review this Privacy Notice at no later than one year intervals and will make any necessary amendments in response to e.g. changing legal, technical or business developments. When we review our notice we will state the date it happened.
This notice was last reviewed on: January 2024
How to contact us
If you have any questions or concerns about our use of your personal data, or wish to exercise your data protection rights, please contact us using the following details:
Smart DCC Ltd
Information Governance and Data Protection
0203 725 8656
Details about of Data Protection Officer can be found on our registration with the Information Commissioner’s Office: Information Commissioners - Data protection register - entry details (ico.org.uk)