Customer Privacy Notice

This document (together with our contractual terms with you) sets out how the Opus Energy Group and Haven Power Limited use, sometimes jointly, personal information about prospective, current and past customers.

Opus Energy Group Limited is made up of different legal entities, including Opus Energy Limited, Opus Energy (Corporate) Limited, Opus Gas Supply Limited, Donnington Energy Limited, Farmoor Energy Limited, Abbott Debt Recovery Limited and Opus Energy Renewables Limited (the “Opus Energy Group”). This privacy notice is issued on behalf of the Opus Energy Group and an associated group company, Haven Power Limited. So, when we mention “Opus Energy”, “Haven Power”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant company in the Opus Energy Group or Haven Power Limited who are all part of the Drax group of companies and are responsible for processing your personal data.

Opus Energy and Haven Power provide energy and related products and services to the business community. Our collection of personal data is therefore limited to the personal information of individuals representing our customers that will enable us to manage our commercial relationship with you, as explained further in this notice. You will have entered into a contract with either Haven Power or Opus Energy but within the Drax group of companies, each company is working together to align systems and processes to better serve you as a customer, which means you will be offered a more efficient and cost effective service.

This notice only applies to our use of “personal data” about “data subjects” (as defined by data protection law and called personal information in this notice) which includes personal information relating to our prospective, current and past customers who are sole traders or non-limited partnerships, and contacts at corporate customers (“you” or “your”). This notice does not apply to information which you provide to us or which we collect about corporations (e.g. limited companies).

We will be the joint data controllers of your personal information which you provide to us or which is collected by us from you or third parties, such as your broker, if you have one. This means that we are responsible for deciding how we hold and use personal information about you and that we are required to notify you of the information contained in this notice. It is important that you read this notice so that you are aware of how and why we are using such information and how we will treat it.

The information which you provide to us may include information about other individuals who are associated with the management of your business, the administration of your account with us or, contacts within your business. If you provide us with information about such individuals, it is important that you provide them with a copy of this notice prior to providing us with the information and that you provide them with any updated notices we provide from time to time.

Our Data Protection Practitioners are responsible for overseeing questions in relation to this notice and are contactable via Opus Energy or Haven Power respectively on data.protection@opusenergy.com or data.protection@havenpower.com. You can also contact us using the details provided at the end of this notice in the “Contacting Us” section.

We will collect various types of personal information from you. Further details of how we use your personal information are set out below.

In the section below, we have indicated with asterisks whether we need to process your personal information:


Providing you with a Quote

When you or your broker request a quote from us via our website, or by email, or telephone, we will need to collect the following information about you to allow us to provide that quote**:

We will not be able to provide a quote to you unless you provide the information shown in bold above. If you do not wish to proceed following receiving your quote, we will delete your personal information.

Electricity Central Online Enquiry Service - ECOES

As we prepare your quote, we will use your MPAN number to check the ECOES database to determine what type of meter you are using. This will help us to provide an accurate quote to you.

Onboarding you as a Customer

If you join us as a customer, we will need to collect the following additional information about you to allow us to complete the customer onboarding process (including verifying your identity and carrying out a credit check)* and to provide to you the products or services you have requested from us:

If it is required in order to take over your energy supply, we may ask your previous energy supplier for information about you, including information about your metering equipment, meter readings and any charges you may owe your previous supplier*.

Managing your Account

Whilst you are our customer, we will collect the following information to allow us to manage your account, analyse and monitor your energy consumption for billing purposes/* and continue to provide the products or services you have requested from us:

We may also continue to carry out credit checks on you whilst you have an account with us for the purpose of making credit decisions about you in order to administer your account** (see the Credit Checking section below).

Whilst you are with us as a customer and you advise us of any personal data relating to your health (i.e. you wish to be treated as a ‘vulnerable customer’), we will only process that data with your explicit consent.**

Recording and Monitoring

We will record and monitor communications with you by telephone for the purposes of quality assurance, our mutual protection, staff training, improving our customer service, fraud detection, compliance with our regulatory requirements and, if you are a customer, administering your account**.

Credit Checking

During the customer onboarding process and whilst you have an account with us, we may use the above personal information to search the files of credit reference and fraud prevention agencies for the purposes of making decisions about your customer account, assessing your creditworthiness and product suitability, checking your identity, managing your account, tracing and recovering debts and preventing criminal activity/*.

Credit Reference Agencies (“CRAs”) collect and maintain information about credit behaviour. This includes data sourced from the Electoral Register, fraud prevention, and credit information - including details of previous credit applications and your payment history - and public information such as County Court Judgements, and bankruptcies. CRAs will give us information about you such as your financial history.

When a credit check is carried out on you, your credit records will be searched, along with any financially associated individuals such as your spouse or partner when you are a sole trader. The CRA will keep a record of this search and place a "footprint" on your credit file.

The information we provide to credit reference agencies about you, such as your payment history, details of false or inaccurate information provided by you, or if we suspect fraud, may be provided to other organisations and used by them to:

We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at http://www.experian.co.uk/crain/index.html

Theft Risk Assessment Service

In order to facilitate the prevention, detection and any subsequent investigation of energy theft, all UK energy suppliers are required by law to provide information about their customers and the results of theft investigations to a central database, managed by a fraud prevention agency on behalf of the energy industry. This project is known as the Theft Risk Assessment Service (“TRAS”).

If we suspect or can confirm that you are involved with any cases of fraud or energy theft, we will record this information and share it with TRAS***. The information that we provide to TRAS will be linked to other information which the fraud prevention agency holds, including information provided by other energy suppliers. This information may be provided to other UK energy suppliers with whom you have an account to help them investigate and prevent the theft of energy. Equally, TRAS may provide information provided by other energy suppliers to us to help us identify potential fraud or theft of energy.

We may use such information to make decisions about you, including the products and services that we offer to you and the terms and conditions on which those products and services are made available to you.

The information provided to or by TRAS will not be used for any other purpose, unless required or permitted by law.

Other uses of your information

We may also use your personal information in the following ways:


We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will usually notify you and we will explain the legal basis which allows us to do so.


We may share your personal information with the third parties set out below for the purposes described above:

We require all service providers and Drax group companies that we share your personal information with to respect the privacy and security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers, including Drax group companies, to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

Most of the personal information we collect about you is based in the United Kingdom or in some cases, a service provider or their sub-processor may be based elsewhere in the European Union (EU) and so, they are required to comply with European data protection law. On occasion, we may appoint a third-party service provider whose operation or a server or sub-processor may be based outside of the EU. As part of our Vendor Management Policy, we carry out due diligence on our third-party providers and assess whether your personal information will be transferred to them or accessed by them from outside the EU. If that is the case, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

If you would like to know the specific mechanism used by us when transferring your personal information out of the EU, please contact us using the details set out in the “Contacting Us” section at the end of this Notice.


We will only keep your personal information for as long as necessary to fulfil the relevant purpose(s) we collected it for, as set out above in this notice, and for as long as we are required to keep it for legal purposes.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

For example, by law, we must keep basic information about our customers (including contact, identity, financial and transactional data) for six years after they cease being customers for tax purposes. In some circumstances:

Article 45 of the General Data Protection Regulation

Article 46 of the General Data Protection Regulation

Article 46 of the General Data Protection Regulation

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know that information. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator where appropriate.


Data protection laws provide you with the following rights where we are processing your personal information (but not in respect of information about a corporation); to:

You also have the “right to object” to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

You have the right to make a complaint at any time to the data protection regulator, the Information Commissioner’s Office (ICO). The ICO can be contacted by telephone on 0303 123 1113 or by post as follows: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or via email at casework@ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance using any of the details set out below in the “Contacting Us” section.


Any changes we make to our notice in the future will be posted on our website and, where appropriate, notified to you in writing.


If you have any queries, comments or requests regarding this notice or you would like to exercise any of your rights set out above, you can contact us as follows:

For Opus Energy customers:

For Haven Power customers:

Updated: August 2019