1. Introduction

1.1 Our commitment to privacy

We are committed to safeguarding the privacy of our clients, potential clients, suppliers and other individuals whose personal data we may collect.

1.2 Scope of this policy

This policy applies where we act as a data controller. This means we determine the purposes and methods for processing personal data relating to our clients, potential clients, suppliers or other relevant parties in the normal course of business.

We process personal data where:

  1. It is necessary to fulfil contractual obligations with the data subject
  2. It is required to meet our legal obligations
  3. It is necessary for our legitimate business interests

We also ask for your consent to use cookies in accordance with our Privacy and Cookie Policy when you visit our website.

1.4 Website privacy controls

Our website includes privacy controls that allow you to manage how your personal data is used. You can choose whether to receive direct marketing communications and control the visibility of your information. These settings can be accessed at https://nationwideutilities.com.

1.5 Definitions

In this policy, "we", "us" and "our" refer to Nationwide Utilities.

2. How we use your personal data

2.1 This section explains:
  1. The types of personal data we may process
  2. The purposes for which we may process it
  3. The legal bases for processing
2.2 Website usage data

We may process data about your use of our website and services. This may include:

  • IP address
  • Geographical location
  • Browser type and version
  • Operating system
  • Referral source
  • Length of visit
  • Page views
  • Navigation paths
  • Timing, frequency and pattern of service use

This data is used to analyse website and service usage. The legal basis is our legitimate interest in monitoring and improving user experience.

2.3 Account data

We may process your name, email address and related account details. This data is used to operate the website, provide services, ensure security, maintain backups and communicate with you. The legal basis is the performance of a contract or steps taken at your request.

2.4 Service data

We may process data provided in the course of using our services. This data is used to deliver services, maintain security, operate the website and maintain backups. The legal basis is the performance of a contract or steps taken at your request.

2.5 Enquiry and prospect data (direct)

We may process data submitted through enquiries about our goods or services. This data is used to offer, market and sell relevant goods or services. The legal basis is consent.

2.6 Enquiry and prospect data (third-party)

We may process data from third-party sources relating to individuals with a business interest in energy management. This data is used to promote our services to relevant businesses. The legal basis is our legitimate interest in providing energy services and making contact with professionals responsible for energy decisions.

2.7 Transaction data

We may process transaction-related data when you purchase goods or services through our website. This includes contact and transaction details. The data is used to fulfil the purchase and maintain proper records. The legal basis is the performance of a contract and our legitimate interest in business administration.

2.8 Employee data

We may process personal data in the course of employment. Full details are set out in our Employee Privacy Notice.

2.9 Applicant data

We may process data provided as part of a job application. Full details are set out in our Applicant Privacy Notice.

2.10 Marketing data

We may process data submitted when subscribing to email updates or newsletters. This is used to send relevant communications. The legal basis is consent.

2.11 Correspondence data

We may process data relating to communications with you, including content and metadata. This is used for communication and record-keeping. The legal basis is our legitimate interest in managing communications and records.

2.12 Legal claims

We may process personal data where necessary to establish, exercise or defend legal claims. The legal basis is our legitimate interest in protecting legal rights.

2.13 Risk management and insurance

We may process personal data for risk management, obtaining professional advice or maintaining insurance. The legal basis is our legitimate interest in protecting the business.

2.14 Legal obligations and vital interests

We may process personal data where required by law or to protect your vital interests or those of another person.

2.15 Third-party data

Please do not provide personal data about others unless we explicitly ask you to do so.

3. Providing your personal data to others

3.1 Group companies

We may disclose your personal data to other companies within our group, including subsidiaries and our ultimate holding company, where reasonably necessary for the purposes outlined in this policy and where legally justified.

3.2 Regulatory and legal authorities

We may share your personal data with regulatory authorities such as Ofgem, or with the police, when required to meet supply licence obligations or for fraud prevention, detection or other legal matters.

3.3 Insurers and professional advisers

We may disclose your personal data to our insurers or professional advisers where this is necessary to obtain or maintain insurance coverage, manage risk, obtain legal or financial advice, or handle legal claims.

3.4 Suppliers and subcontractors

We may share your personal data with suppliers or subcontractors where necessary to perform a contract with you or to take steps at your request.
If you use our online price comparison service, we will share your information with energy suppliers to generate quotes and manage your switch. When you purchase products or services from these suppliers, their own privacy policies will apply.

3.5 Legal requirements and vital interests

We may disclose your personal data to comply with legal obligations, or to protect your vital interests or those of another individual. We may also disclose your data where necessary for the establishment, exercise or defence of legal claims.

4. International transfers of your personal data

This section explains when and how your personal data may be transferred outside the European Economic Area (EEA).

4.1 Group company locations

We and our group companies have offices and facilities in the United Kingdom, the United States and Australia. This may involve the transfer of personal data to these countries where necessary for operational or support purposes.

4.2 Public access via the internet

If you submit personal data for publication on our website or through our services, it may be accessible worldwide via the internet. We cannot prevent the use or misuse of such publicly available information by others.

5. Safeguarding, Retaining and Deleting Personal Data

This section outlines our data safeguarding and retention policies and procedures, which are designed to ensure compliance with our legal obligations regarding the handling, storage, and deletion of personal data.

5.1 Safeguarding Protocols
  1. We are committed to protecting personal data through the following measures:
  2. Personal data is kept to a minimum and only retained where necessary to support the legitimate interests of our business and those of our clients.
  3. Data is encrypted and securely transferred while in transit.
  4. Physical environments are secured through restricted access, controlled by authorised card passes.
  5. Access to applications and data sets is managed via role-based permissions.
  6. Firewalls and antivirus/malware protection are in place across systems.
  7. Where appropriate, data is anonymised or obfuscated.
  8. Data retention and destruction policies are enforced.
  9. Tools and procedures are in place for the secure removal of personal data.
  10. A data breach policy is in place, supported by response procedures.
5.2 Data Retention Principles

We will not retain personal data for longer than is necessary for the purpose(s) for which it was collected.

5.3 Retention Periods

The retention periods for different categories of personal data are as follows:

  • Website usage data – retained for 2 years.
  • Account data – retained as long as the client relationship is active. For terminated clients, data is retained for 6 years to comply with financial regulations.
  • Service data – retained during the client relationship and for 6 years after termination, in line with financial legislation.
  • Prospect data – retained during ongoing engagement and for 6 years after termination, under our legitimate interest in defending against potential legal claims, including fraud.
  • Transaction data – retained during the client relationship and for 6 years after termination to meet financial and legal obligations.
  • Marketing data – retained during the client relationship; for non-client contacts, data is retained for 2 years.
  • Correspondence data – not retained beyond the conclusion of the relevant interaction or relationship.
  • Employee data – retained for up to 7 years post-employment in accordance with legal requirements (see our employee privacy notice).
  • Applicant data – retention periods are detailed in our applicant privacy notice.

5.4 Legal Exceptions

We may retain personal data beyond the periods listed above where necessary to comply with a legal obligation or to protect your vital interests or those of another individual.

6. Your rights

6.1 Summary of rights

This section outlines the rights you have under data protection law. Some rights can be complex and may depend on specific circumstances. For full guidance, you should refer to the relevant legislation and regulatory authority resources.

6.2 Your key rights under data protection law include:

The right to access your personal data

  • The right to have inaccurate data corrected
  • The right to have your data erased
  • The right to restrict how your data is processed
  • The right to object to processing
  • The right to data portability
  • The right to lodge a complaint with a supervisory authority
  • The right to withdraw consent
6.3 Right of access

You have the right to know whether we process your personal data. If we do, you can request access to that data along with information about the purposes of processing, the categories of data involved and the recipients. If this does not affect the rights and freedoms of others, we will provide a copy of your data free of charge. Additional copies may be subject to a reasonable fee.

6.4 Right to rectification

You have the right to have any inaccurate personal data corrected. You also have the right to have incomplete data completed, based on the purpose of the processing.

6.5 Right to erasure

In some cases, you have the right to have your personal data deleted without delay. This applies if:

  • The data is no longer needed for the original purpose
  • You withdraw your consent
  • You object to the processing and there is no overriding legitimate reason to continue
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

There are exceptions. For example, we may retain data where it is needed:

  • To exercise freedom of expression or information
  • To comply with a legal obligation
  • To establish, exercise or defend legal claims
6.6 Right to restrict processing

In certain situations, you can ask us to restrict the processing of your data. This applies if:

  • You contest the accuracy of the data
  • The processing is unlawful but you oppose erasure
  • We no longer need the data, but you require it for legal claims
  • You have objected to processing and we are verifying that objection

When processing is restricted, we may store your data but will only process it with your consent, for legal claims, to protect others or where there is a strong public interest.

6.7 Right to object

You may object to our processing of your personal data if the legal basis is:

  • A task carried out in the public interest
  • Our legitimate interests or those of a third party
  • We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, or the processing is needed for legal claims.
6.8 Objection to direct marketing

You have the right to object to your data being used for direct marketing purposes, including profiling related to marketing. If you object, we will stop using your data for this purpose.

6.9 Objection to research or statistics

You may object to processing for scientific, historical or statistical purposes if it relates to your particular situation, unless the processing is required in the public interest.

6.10 Right to data portability

If the legal basis for processing your data is your consent or the performance of a contract, and the processing is automated, you have the right to receive your data in a structured, commonly used and machine-readable format. This right does not apply where it would affect the rights or freedoms of others.

6.11 Right to complain

If you believe your personal data has been processed unlawfully or in breach of data protection law, you have the right to lodge a complaint with a supervisory authority. You can do this in the country where you live, work or where the issue occurred.

6.12 Right to withdraw consent

Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. This does not affect any processing that took place before your consent was withdrawn.

6.13 How to exercise your rights

You can exercise your rights by contacting us in writing, by email, or verbally in most cases. Contact details are provided at the end of this policy.

Our commitment to data protection

Nationwide Utilities is committed to processing personal data lawfully, fairly and transparently. We ensure:

  • Personal data is collected only for specified, explicit, and legitimate purposes.
  • We only collect and process data necessary to fulfil operational or legal requirements.
  • We take reasonable steps to ensure data accuracy and keep it up to date.
  • Data is not retained longer than necessary for the purposes for which it was collected.
  • We protect personal data using appropriate technical and organisational measures, including secure physical storage, password protection, encryption, and access controls.
  • Data is not transferred internationally without appropriate safeguards.
  • Individuals’ rights under applicable data protection law are fully supported and upheld.

We also ensure:

  • A designated person (currently the Operations Director) is responsible for data protection across the organisation.
  • Staff who handle personal data are trained, supervised, and aware of their responsibilities.
  • Requests for access to personal data are handled promptly and in line with legal obligations.
  • Data sharing is governed by written agreements that define scope and responsibilities.
  • Any disclosure of personal data follows approved internal procedures.

Nationwide Utilities Ltd also has a legal obligation to provide employee liability information to any organisation that our employees are transferring to, in line with the Transfer of Undertakings Regulations (TUPE).

7. About cookies

7.1 What cookies are

A cookie is a small text file that contains an identifier made up of letters and numbers. It is sent by a web server to your browser and stored on your device. The identifier is sent back to the server each time your browser requests a page from the website.

7.2 Types of cookies

Cookies may be either:

  • Persistent cookies, which remain on your device until their set expiry date or until you delete them
  • Session cookies, which expire when you close your browser
7.3 Use of cookies

Cookies do not usually contain information that directly identifies you. However, personal data that we store about you may be linked to information stored in and collected from cookies.

8. Applicant privacy notice

8.1 Use of applicant data

As part of our recruitment process, Nationwide Utilities collects and processes personal data relating to job applicants. We are committed to being transparent about how we collect and use this information and to fulfilling our responsibilities under data protection law.

9. Amendments

9.1 Policy updates

We may update this privacy policy from time to time by publishing a new version on our website. You should review this page periodically to stay informed of any changes. Where appropriate, we may notify you of updates by email.

10. Contact us

10.1  How to contact us

If you have any questions about this privacy policy or how we handle your personal data, you can contact us at:

Nationwide Utilities
346 Kensington High Street
London
W14 4RL

Phone: 020 3475 2000

11. Data protection officer

11.1 Contact details

If you have any questions or concerns about how we handle your personal data, you can contact our Data Protection Officer:

Caroline Farrington
Nationwide Utilities
Email: accounts@nationwideutilities.com
Phone: 020 3475 2003

11.2 Raising a concern

If you have a concern about how we handle your personal data, please contact us directly. We are committed to resolving any issues promptly and transparently.

11.3 Escalating a complaint

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). The ICO will review your concern and may provide further guidance or require us to take corrective action.

Additional information

This privacy policy replaces all previous versions.

Nationwide Utilities
346 Kensington High Street
London
W14 8NS

Phone: 020 3475 2000

Nationwide Utilities is an energy broker offering utility services and specialist consultancy to businesses.
We are registered in England and Wales under company number 04125277. Our registered office is at 346 Kensington High Street, London, W14 8NS.