Eneco Group is a group of companies active in the energy sector. Together with our clients and partners we have the mission: Sustainable energy of everyone, so that people take control over their energy. With our consistent direction we are leaders in the field of sustainability and innovation. We offer added value to consumers and companies with smart products and services nationally and internationally. We also make a social contribution by generating and delivering green energy. In order for this energy transition to proceed successfully, it is necessary that we include the protection of personal data as a strict precondition in the development of such new services.
Eneco Group believes your privacy is important. Your personal data is therefore carefully processed and secured. Eneco Group adheres to the General Data Protection Regulation (hereafter: "GDPR") and other privacy legislation when processing personal data.
Eneco Group processes personal data. We would like to inform you clearly about this. In this privacy statement we provide answers to the most important questions about the processing of personal data by Eneco Group in the Netherlands. For example, in this privacy statement we explain how we process your data and the reasons for which we do so. We also tell you what you can determine about the use of your data. This privacy statement applies to every Eneco Group service where personal data is processed. We explain this below.
Processing of personal data
‘Processing’ means: everything that can be done with personal data. For example, collecting, but also storing, retrieving, using, connecting and deleting data from our administration. Accordingly, this is a very broad concept.
‘Personal data’ means all data that directly or indirectly say something about a natural person. For example your name and address, but also - in combination with that - your energy use data.
Eneco consists of the N.V. Eneco Beheer and the legal entities and companies associated with it in the (Eneco) group ("group companies"). Where we refer to Eneco in this privacy statement, we mean the Eneco Group in the Netherlands.
The Eneco group companies that process personal data in accordance with this privacy statement are:
- Eneco Consumenten B.V.
- Eneco Zakelijk B.V.
- Eneco eMobility B.V
- Eneco Installatie Bedrijven B.V.
- Eneco Services B.V.
- Eneco Warmte & Koude B.V.
- Eneco Warmte & Koude Leveringsbedrijf B.V.
- Eneco Warmtenetten B.V.
- Eneco Smart Energy B.V.
- Eneco Wind B.V.
- Eneco Solar, Bio & Hydro B.V.
- Quby B.V.
All Eneco group companies mentioned above process personal data in the performance of their services. Do you want to know which part of Eneco is responsible for the processing of your personal data? If so, please contact the Eneco group companies via the above link where you purchase products and/or services.
We process data of people with whom we have, wish to have, or have had, a customer relationship. This includes the personal data of, for example:
- (former) customers;
- people who show interest in our products and services, or
- people connected to a company or organization with whom we have a customer relationship, wish to have such a relationship or have had such a relationship.
If a company or organization has a customer relationship with Eneco and gives contact details of its employees to us, that company or organization is obliged to inform those employees. In this privacy statement, those employees can see how we handle their personal data.
We may process personal data of third parties with whom we do not have or have a customer relationship, for example if you rent a house including energy. Or to protect your and our interests, for example in the context of fraud prevention and the inventory of stakeholders at infrastructure projects.
Eneco has personal data if you have provided it to us or you use our services and/or products. Eneco can also obtain this data by consulting public sources and/or by enriching data via third parties. Here you will find an overview of the categories of personal data as they are processed per Eneco group company.
Eneco uses the following retention periods. If you contact us but decide not to become a customer, we will retain your personal data for a maximum of three months. If you become a customer, we will retain the personal data required for the execution of the contract as long as you are a customer and for a maximum period of three years (customers) or five years (business customers) after the end of the customer relationship. In this period, we only use your personal data to conclude the contract with you and to approach you occasionally with the request to become a customer again.
In addition, we use your personal data during that period for internal analyses, forecasts and process improvements and for legally required reports (for example to a supervisory authority). We can keep the personal data needed for (threatened) (extra) judicial proceedings for more than two years. More specifically, we can keep the personal data retained for these purposes as long as necessary for the proceedings and up to a maximum of twenty years. We store personal data that are required to comply with the legal obligations imposed by the tax authorities for up to seven years after the end of the customer relationship.
Entering and performing a contract between you and Eneco
a) To enter into and establish a customer relationship with you
If you want to become a customer or if you want to purchase a new product or a new service, we need personal data. For example, energy suppliers may conduct a credit check with all new customers to assess whether we can accept you as a customer, or that we first ask you for a deposit before we can process your application.
For this we can also use information about you that we receive from others. For example, the company that performs the creditworthiness survey for us.
b) To be able to perform the contract
If you are our customer, we want to be of service to you. We process your personal data for the performance of the contracts that we have concluded with you or a third party (for example with your landlord if you rent a house including energy) and for the provision of our services to you. We cannot provide you services without using your details. We use your name and (e-mail) address information for our administration and to maintain contact with you. We also use your personal data for answering your questions and handling complaints and disputes, also after the expiration of the contract. We record conversations, for example phone calls and chat sessions that you conduct with us. This also applies to the questions you ask us by e-mail, mail, app, chat or telephone. We do this for training purposes (legitimate interest) and to allow us to check our agreements with you at a later date and in the context of (legal) evidence. But we also need your data, for example, to make our service provision technically possible.
We can process your personal data in order to be able to send your (annual) invoice(s) and collect it and to keep track of what energy or services you have used in the past period. We also use the data to determine a new instalment payments. If you have given a debit authorization when entering into the contract, we will collect the (instalment) amounts from your account on a monthly basis.
If you do not pay your (annual) bill(s) (on time), even after we have sent you a reminder, we can transfer our claim on you to a third party for collection. This party will then receive from us the details that are required to collect the claim, such as your name, address details and the invoice in question.
Eneco offers part of its services via the Eneco App. The personal data Eneco processes can also be processed via the Eneco App. You can find more information about this in the App. If you have a smart meter and use the Eneco App, we use your (measurement) data to give you insight into your energy use.
c) To enter into and perform contracts with suppliers and business customers
If you have contact with Eneco for professional purposes, we can process your personal data. For example, to determine whether you can represent your company. Or to maintain contact with the company you work for.
d) To meet legal obligations
Eneco may also be required by law to cooperate with a request to provide customers' personal data to competent government bodies, such as a regulator (for example the Authority for Consumers and Markets ("ACM")), a municipality, the Dutch Tax Authority or the police. Further processing of these data is the responsibility of those government agencies. We only cooperate with such request if we have determined that this request meets the legal requirements.
Because we have to meet legal obligations, we also process your data in the context of audits.
Eneco also adheres to the Smart Meter Code of Conduct for energy suppliers. This code of conduct contains rules of conduct about the use, recording, exchange and retention of data obtained from a smart meter. If the data from a smart meter applies to you, but you are not a customer of Eneco, for example you are a tenant of our customer, then you also have the rights listed under the heading Rules & Rights.
Eneco concludes a connection agreement with you on behalf of your network operator and exchanges your personal data in connection with the network operator.
Furthermore, we also process your personal data for the collection of receivables for third parties. For example, the network management costs of your network operator that we charge you and then transfer to your network operator.
e) Eneco may also ask you for consent to process certain personal data.
For example, to inform you about (new) relevant products and services from other Eneco group companies and/or activities and actions that Eneco organizes in cooperation with carefully selected partners, such as Day Trips.
If you have a smart meter, with your consent, we request your meter readings from your network operator on a daily basis. The network operator records the meter data and provides it to us on a daily, hourly and quarterly basis. For example if you want to make use of our energy use and insight services with which we provide insight into your energy use and costs. If you have given consent for this, you can withdraw it at any time. This can be done via My Eneco or by contacting our Customer Service. Withdrawing your consent does not have retroactive effect.
At Heat, with your consent we use measurement data to control our heat networks as efficiently as possible.
f) For the development and improvement of our products and services
In order to be and remain at your service, we are constantly working on the development and improvement of our products and services. In some cases we process personal data for this. We do this, among other things, for quality purposes. For example if you ask a question about a product.
g) For our business management
We may process your personal data to the extent necessary to provide management information and for determining our general strategy and policy.
h) For promotional and marketing purposes
Your personal data will also be used by Eneco for promotional and/or marketing purposes. For example, to inform you about (new) relevant Eneco products and services and/or activities. Eneco uses profiling for this.
Profiling is any form of automated processing of personal data, whereby personal aspects of you are evaluated on the basis of personal data. Eneco applies this, for example, to analyse or predict personal preferences, interests and visitor behaviour. We can also use information about you that we purchase from others. This allows us to better tailor the content of our information and offers to your interests. At Eneco no automated decision-making based on profiling takes place, if there are legal consequences for you or if the decision affects you to a considerable extent.
This communication for promotional and marketing purposes takes place by e-mail, app, telephone or e-mail. If you do not appreciate this communication, you can unsubscribe via the unsubscribe option provided in these messages. You can also report this to the Eneco department where you purchase services or products by e-mail to firstname.lastname@example.org or in writing to Antwoordnummer 5166, 3000 VB Rotterdam.
If you are no longer a customer, we can still approach you with an offer to become a customer again, unless you have opted out. For this purpose, Eneco applies a maximum retention period of two years, beginning at the end of the customer relationship.
When you visit our website, we may connect the data relating to your use of our website to the other information about you known to us to improve our service to you and to show you relevant advertisements. We can also use the data for carrying out analyses to put more specific information on the sites for you. With this Eneco can further improve its services and adapt it to the wishes of customers. In addition, we combine your online surf, search and customer behaviour to make you relevant offers and recommendations online and/or offline, tailored to your preferences or interests and to optimize our campaigns. We do this on the basis of cookie techniques and techniques comparable to cookies. This is explained in our cookie statement.
i) For statistical and scientific purposes
We can also use your data we have recorded to perform analyses and conduct research, even if we no longer need this data for other purposes. This means that the data will only be used for historical, statistical or scientific purposes.
Links to other sites
- Special personal data
Special personal data is health data, data on religious or philosophical convictions, ethnic data or data concerning race, political opinions, union membership, biometric data for the unique identification of a person, genetic data and data related to a person's sexual behaviour or sexual orientation. Eneco does not process any special personal data, unless this is permitted by law. Are you asking us to record special personal data about you or do you make this information public? Then we only process this data if this is necessary for our services.
Criminal law personal data
Another category of data concerns the criminal law data. This concerns the processing of personal data concerning criminal convictions and criminal offenses or related security measures. It also concerns personal data concerning a prohibition imposed by the court in connection with unlawful or obstructive behaviour. Eneco can also process this data if the law permits or in the context of investigations into criminal offenses or obstructive and/or (previously shown) aggressive behaviour.
Eneco can provide your personal data to service providers, which we use for our operations or the execution of our services and which process personal data on our request. Eneco can, for example, call on service providers for IT support or for the settlement or delivery of our services. Eneco provides service providers with data that are necessary for the service. Eneco obliges the service providers with whom Eneco shares personal data to use such data exclusively in connection with the relevant service provision to Eneco or to comply with legal obligations. The service providers are only allowed to act on instructions provided by Eneco. Eneco obliges these service providers to adequately secure the data technically and organizationally and to keep it confidential.
Although Eneco's preference is to engage service providers in countries within the EEA where an adequate level of protection applies, the service providers that Eneco engages can be located all over the world. This can therefore lead to transfers to third parties in countries that do not have the same level of protection of personal data as the Netherlands.
However, Eneco only engages such parties if an adequate level of protection and security can be offered by these third parties. For example, because these countries have been designated by the European Commission as countries with a comparable level of protection, it concerns transfers based on the EU-US Privacyshield or by using the EU model clauses. These are standard contracts drawn up by the European Commission for the transfer of personal data to a country that does not offer the same level of protection as within the EEA.
Your personal data may be subject to investigation by competent national authorities of the countries where such data is processed, both during and after processing. In addition, Eneco can become legally obliged to provide your personal data to government bodies, regulators, police or, for example, appointed advisors (such as an administrator or lawyer).
Your personal data will not without your consent be sold to third parties, who will further process the data processed for their own purposes.
Rules and Rights
You have a number of rights with regard to the personal data that Eneco has about you. These rights are explained below. Rights are not absolute, there may always be possible exceptions that result in a situation where we cannot comply to your request. If so, we will explain the circumstances to you.
If you send Eneco a request about one of these rights, Eneco will respond to this within four weeks. You can submit your request by mail or by e-mail. Send your request to Eneco citing 'Privacy' in writing to Antwoordnummer 5166, 3000 VB Rotterdam or by e-mail to email@example.com. In the request you must specify (as far as is possible) the personal data to which your request relates. You must also provide together with your request your name, address and telephone number. Making a request is free of charge unless you make unfounded or excessive requests.
Before we can comply with your request, we are legally obliged to identify you. There are several ways to make a copy of your identity document without having to copy your passport photo and the citizen service number (BSN). See, for example, the Copy ID app of the National Government.
Right of access to your personal data
You have the right of access to your personal data. This means that at the Eneco department where you purchase services and/or products, you can request which personal data is processed and for which purposes that data is used.
Right to rectification of your personal data
You have the right to have your personal data rectified or completed if this information is incorrect or inaccurate.
Right to erasure (“right to be forgotten”)
You can also request Eneco to erase your personal data. Eneco does not always have to comply with such request. If you withdraw your consent to processing Eneco does not have to erase your personal data if there is another legal basis for processing that data. For example, Eneco will not delete the personal data if Eneco is legally obliged to keep your data or because the data are required to provide services to you.
Right to object
You can object to the processing of personal data for direct marketing or because of your specific situation. This only applies to processing under the basis of legitimate interest.
Right to restriction of processing
If you think that the processing of your data by Eneco is unlawful or if Eneco no longer needs your data, but you do not want this data to be erased, you can request a restriction of the processing. Your data will then be stored but will in principle not be used anymore. The request for restriction can also be made if you are still waiting for access to your data or an answer to your objection to the use.
Right to data portability
You can request Eneco to provide the data that Eneco has from you to you (electronically) or you can request Eneco to transfer this data to another entity.
The right to data portability applies only to personal data collected on the basis of consent or on the basis of the entry into, and performance of, a contract.
In addition, it only applies to personal data provided by, and related to, you. This includes both personal data that have been actively and consciously provided by you (such as your e-mail address when entering into your contract with Eneco), as well as personal data that has been provided by using a device or service (for example data collected via the Eneco App or Toon). Derived data (for example an interest profile built up by registering visitor behaviour) is explicitly excluded from the right to data portability.
When processing personal data in the Netherlands, Eneco is bound, among other things, to:
- The General Data Protection Regulation ('GDPR')
- The Smart Meters Code of Conduct for energy suppliers
- The Processing Code of Conduct for Other Services Providers
- The Telecommunications Act
The Smart Meters Code of Conduct for energy suppliers and the Processing Code of Conduct for Other Services Providers are approved by Dutch Data Protection Authority.
Your personal data will be stored carefully and no longer than is necessary for the purpose for which it was processed. Within Eneco, your personal data can only be used by employees who need to have access to this, given their function. Our employees have a duty of confidentiality. Do we want to use data for a purpose other than that for which they were originally processed? Then we can only do that when there is a close relationship between the two purposes.
Your personal data can also be exchanged between the business units of Eneco. But only if there is a ground to do so and if this is compatible with the purpose for which the data was collected.
Eneco takes appropriate technical and organizational measures to protect your personal data against destruction (accidental or unlawful), loss, misuse, forgery, unauthorized access or spreading or any other form of unlawful processing of your personal data. For example, Eneco can use encryption, access codes and pseudonymisation of personal data. In doing so, Eneco weighs the risks, the technical possibilities and the implementation costs.
Eneco believes it is very important that your data is secure. If, for example, data has been lost or accessible where it shouldn’t, we would appreciate it if you inform us as soon as possible. So that we can contact the data subjects involved and inform the regulator about this where necessary. You can do this via firstname.lastname@example.org. Mention your name in your e-mail, possibly the organization you work for, your telephone number and a short description of the data breach.
Eneco adheres to the notification requirement for data breaches. This means that we report a serious data breach of personal data to the Dutch Data Protection Authority within 72 hours after having observed the data breach. Have you discovered a (possible) data breach? Please notify us as soon as possible, but in any case within 24 hours after you have detected the data breach. More information.
For questions or complaints about the processing of personal data by Eneco, you can send an e-mail to email@example.com or in writing to Antwoordnummer 5166, 3000 VB Rotterdam citing ‘privacy’ and the department where your services and/or products are purchased.
In addition, you can file your questions or complaints about the processing of personal data with the Data Protection Officer ("DPO") that Eneco has appointed to supervise compliance with the GDPR. In that case, you can contact the DPO directly, who can be reached by e-mail via firstname.lastname@example.org. You can also contact the Dutch Data Protection Authority directly to file a complaint.
Yes, our privacy statement may change from time to time. Changes in law or in our services and products may have consequences in the way we process your personal data. In that case the privacy statement will be adjusted and we will inform you about it. You can always find the latest version of our privacy statement at this website.
Version: 3 February 2020
- Eneco uses two types of data storage in your browser when offering its services online: cookies and local storage.
- For research, website optimization and improving the user experience.
- To store your preferences entered on the website.
- To inform you as well as possible about our products and services. We show you content and information that is most relevant and/or tailored to your preferences or interests.
Our website uses more cookies that are useful, but not necessary. These cookies allow you to give feedback or share messages on social media and enable us to show you more relevant advertisements on websites of third-parties. These cookies may collect data outside of our website. However, we only put these cookies on our website after you have given us your consent. Consent can always be withdrawn. You can do this by changing your browser settings.
Would you prefer that no cookies are stored on your browser? You can turn them off in your browser settings. Note: this means that all the functionalities of the website may not work on your desktop computer, tablet or smartphone.
Here you find an overview of cookies, with their associated functionalities, that are always stored on your desktop computer, tablet or smartphone when you visit our website. We also list whether your consent is needed to store the cookie.
- Sometimes data is not stored in a cookie, but in the ‘local storage’ of your browser. Eneco uses HTML5 Local Storage to store data. These work in a similar way to cookies, but allows for more information to be stored. With local storage you decide how long the browser stores the data. This depends on your browser settings and/or how often you delete the history of your browser.
- A tracking pixel is an electronic file (size normally 1 x 1 pixel) that is attached to an e-mail (for example our newsletter). By using a tracking pixel, we can see if an e-mail has been read.