‘Processing’ means everything that can be done with personal data. For example, collecting, but also storing, retrieving, using, connecting and deleting data from our administration. Accordingly, this is a very broad concept.

‘Personal data’ means all data that directly or indirectly say something about a natural person. For example your name and address, but also - in combination with that - your energy use data.

Eneco consists of the N.V. Eneco and the legal entities and companies associated with it in the (Eneco) group ("group companies"). Where we refer to Eneco in this privacy statement, we mean the Eneco Group in the Netherlands.

The Eneco group companies that process personal data in accordance with this privacy statement are:

• Eneco Consumenten B.V.
• Eneco Zakelijk B.V.
• Eneco eMobility B.V
• Eneco Installatiebedrijven B.V.
• Eneco Services B.V.
• Eneco Warmte & Koude B.V.
• Eneco Warmte & Koude Leveringsbedrijf B.V.
• Eneco Warmtenetten B.V.
• Eneco Smart Energy B.V.
• Eneco Wind B.V.
• Eneco Solar, Bio & Hydro B.V.  

All Eneco group companies mentioned above process personal data in the performance of their services. Do you want to know which part of Eneco is responsible for the processing of your personal data? If so, please contact the Eneco group companies via the above link where you purchase products and/or services.

Eneco has an additional privacy statement for applying to Eneco, with information about which personal data is processed and for what purpose. 

We process data of people with whom we have, wish to have, or have had, a customer relationship. This includes the personal data of, for example:

• (former) customers
• people who show interest in our products and services, or
• people connected to a company or organization with whom we have a customer relationship, wish to have such a relationship or have had such a relationship.

If a company or organization has a customer relationship with Eneco and gives contact details of its employees to us, that company or organization is obliged to inform those employees. In this privacy statement, those employees can see how we handle their personal data.

We may process personal data of third parties with whom we do not have or have a customer relationship, for example if you rent a house including energy. Or to protect your and our interests, for example in the context of fraud prevention and the inventory of stakeholders at infrastructure projects.

Eneco has personal data if you have provided it to us or you use our products and/or services. Eneco can also obtain this data by consulting public sources and/or by enriching data via third parties, such as for carrying out a credit check. Here you will find an overview of the categories of personal data as they are processed per Eneco group company.

Eneco uses the following retention periods. If you contact us but decide not to become a customer, we will retain your personal data for a maximum of one year. If you become a customer, we will retain the personal data as long as you are a customer and for a maximum period of three years (customers) or seven years (business customers) after the end of the customer relationship. In this period, we only use your personal data to conclude the contract with you and to approach you with the request to become a customer again.

In addition, we use your personal data during that period for internal analyses, forecasts and process improvements and for legally required reports (for example to a supervisory authority). We can keep the personal data needed for (threatened) (extra) judicial proceedings for more than three years (customers) or seven years (business customers). More specifically, we can keep the personal data retained for these purposes as long as necessary for the proceedings and up to a maximum of twenty years. We store personal data that are required to comply with the legal obligations imposed by the tax authorities for up to seven years after the end of the customer relationship. 

Entering and performing a contract between you and Eneco

a. To enter into and establish a customer relationship with you

If you want to become a customer or if you want to purchase a new product or a new service, we need personal data. For example, energy suppliers may conduct a credit check with all new customers to assess whether we can accept you as a customer, or that we first ask you for a deposit before we can process your application.

For this we can also use information about you that we receive from others. For example, the company that performs the creditworthiness survey for us.

b. To be able to perform the contract

If you are our customer, we want to be of service to you. We process your personal data for the performance of the contracts that we have concluded with you or a third party (for example with your landlord if you rent a house including energy) and for the provision of our products and/or services to you. We cannot provide you products and/or services without using your details. We use your name and (e-mail) address information for our administration and to maintain contact with you. We also use your personal data for answering your questions and handling complaints and disputes, also after the expiration of the contract. We record conversations, for example phone calls and chat sessions that you conduct with us. This also applies to the questions you ask us by e-mail, mail, app, chat or telephone. We do this for training purposes (legitimate interest) and to allow us to check our agreements with you at a later date and in the context of (legal) evidence. But we also need your data, for example, to make our service provision technically possible.

We can process your personal data in order to be able to send your (annual) invoice(s) and collect it and to keep track of what energy or services you have used in the past period. We also use the data to determine a new instalment payments. If you have given a debit authorization when entering into the contract, we will collect the (instalment) amounts from your account on a monthly basis.

If you do not pay your (annual) bill(s) (on time), even after we have sent you a reminder, we can transfer our claim on you to a third party for collection. This party will then receive from us the details that are required to collect the claim, such as your name, address details and the invoice in question.

Eneco offers part of its services via the Eneco App. The personal data Eneco processes can also be processed via the Eneco App. You can find more information about this in the App. If you have a smart meter and use the Eneco App, we use your (measurement) data to give you insight into your energy use.

c. To enter into and perform contracts with suppliers and business customers

If you have contact with Eneco for professional purposes, we can process your personal data. For example, to determine whether you can represent your company. Or to maintain contact with the company you work for.

Legal obligation

d. To meet legal obligations

Eneco may also be required by law to cooperate with a request to provide customers' personal data to competent government bodies, such as a regulator (for example the Authority for Consumers and Markets ("ACM")), a municipality, the Dutch Tax Authority or the police. Further processing of these data is the responsibility of those government agencies. We only cooperate with such request if we have determined that this request meets the legal requirements.

Because we have to meet legal obligations, we also process your data in the context of audits.

Eneco also adheres to the Smart Meter Code of Conduct for energy suppliers. This code of conduct contains rules of conduct about the use, recording, exchange and retention of data obtained from a smart meter. If the data from a smart meter applies to you, but you are not a customer of Eneco, for example you are a tenant of our customer, then you also have the rights listed under the heading Rules & Rights.

Eneco concludes a connection agreement with you on behalf of your network operator and exchanges your personal data in connection with the network operator.

Furthermore, we also process your personal data for the collection of receivables for third parties. For example, the network management costs of your network operator that we charge you and then transfer to your network operator.

Consent

e. Eneco may also ask you for consent to process certain personal data.

For example, to inform you about (new) relevant products and services from other Eneco group companies and/or activities and actions that Eneco organizes in cooperation with carefully selected partners, such as Day Trips.

If you have a smart meter, with your consent, we request your meter readings from your network operator on a daily basis. Do you have heat from Eneco? Then Eneco is your energy supplier and Eneco Warmtenetten B.V. is your network operator. The network operator records the meter data and provides it to us on a daily, hourly and quarterly basis. For example if you want to make use of our energy use and insight services with which we provide insight into your energy use and costs. If you have given consent for this, you can withdraw it at any time. This can be done via My Eneco or by contacting our Customer Service. Withdrawing your consent does not have retroactive effect.

Legitimate interest

f. For the development and improvement of our products and services

In order to be and remain at your service, we are constantly working on the development and improvement of our products and services. In some cases we process personal data for this. We do this, among other things, for quality purposes. For example if you ask a question about a product.

g. For our business management

We may process your personal data to the extent necessary to provide management information and to execute our general strategy and policy. And for the purpose of optimising our operations.

h. For promotional and marketing purposes

Your personal data will also be used by Eneco for promotional and/or marketing purposes. For example, to inform you about (new) relevant Eneco products and services and/or activities. Eneco uses profiling for this.

Profiling is any form of automated processing of personal data, whereby personal aspects of you are evaluated on the basis of personal data. Eneco applies this, for example, to analyse or predict personal preferences, interests and visitor behaviour. We can also use information about you that we purchase from others. This allows us to better tailor the content of our information and offers to your interests. At Eneco no automated decision-making based on profiling takes place, if there are legal consequences for you or if the decision affects you to a considerable extent.

This communication for promotional and marketing purposes takes place by e-mail, app, telephone or e-mail. If you do not appreciate this communication, you can unsubscribe via the unsubscribe option provided in these messages. You can also report this to the Eneco department where you purchase products and/or services via the contactform or in writing to Antwoordnummer 5166, 3000 VB Rotterdam.

If you are no longer a customer, we can still approach you with an offer to become a customer again, unless you have opted out. For this purpose, Eneco applies a maximum retention period of three years (customers) or seven years (business customers), beginning at the end of the customer relationship. 

When you visit our website, we may connect the data relating to your use of our website to the other information about you known to us to improve our service to you and to show you relevant advertisements. We can also use the data for carrying out analyses to put more specific information on the sites for you. With this Eneco can further improve its services and adapt it to the wishes of customers. In addition, we combine your online surf, search and customer behaviour to make you relevant offers and recommendations online and/or offline, tailored to your preferences or interests and to optimize our campaigns. We do this on the basis of cookie techniques and techniques comparable to cookies. This is explained in our cookie statement.

Eneco may also use your data to show personalised advertisements outside our own website(s), for example on search engines such as Google, or banner advertisements on social media channels such as Facebook, Instagram or YouTube. In order to tailor the advertisements to your situation and preferences, we may share data such as your email, telephone number and address encrypted with selected partners.

i. For statistical and scientific purposes

We can also use your data we have recorded to perform analyses and conduct research, even if we no longer need this data for other purposes. This means that the data will only be used for historical, statistical or scientific purposes.

j. Links to other sites

A number of links to websites of other parties are included on the Eneco websites. Eneco is not responsible for the way in which these parties handle your data. Therefore, check whether the site you visit contains a privacy statement. If so, read this to see if you can agree to the privacy policy of the party in question.

Special personal data

Special personal data is health data, data on religious or philosophical convictions, ethnic data or data concerning race, political opinions, union membership, biometric data for the unique identification of a person, genetic data and data related to a person's sexual behaviour or sexual orientation. Eneco does not process any special personal data, unless this is permitted by law. Are you asking us to record special personal data about you or do you make this information public? Then we only process this data if this is necessary for our services.

Criminal law personal data
Another category of data concerns the criminal law data. This concerns the processing of personal data concerning criminal convictions and criminal offenses or related security measures. It also concerns personal data concerning a prohibition imposed by the court in connection with unlawful or obstructive behaviour. Eneco can also process this data if the law permits or in the context of investigations into criminal offenses or obstructive and/or (previously shown) aggressive behaviour.

Eneco can provide your personal data to service providers, which we use for our operations or the execution of our services and which process personal data on our request. Eneco can, for example, call on service providers for IT support or for the settlement or delivery of our services. Eneco provides service providers with data that are necessary for the service. Eneco obliges the service providers with whom Eneco shares personal data to use such data exclusively in connection with the relevant service provision to Eneco or to comply with legal obligations. The service providers are only allowed to act on instructions provided by Eneco. Eneco obliges these service providers to adequately secure the data technically and organizationally and to keep it confidential.

Although Eneco's preference is to engage service providers in countries within the EEA where an adequate level of protection applies, the service providers that Eneco engages can be located all over the world. This can therefore lead to transfers to third parties in countries that do not offer the same level of protection of personal data as within the EEA.

However, Eneco only engages such party if an adequate level of protection and security can be offered. For example, because the transfer of personal data leads to a country that has been designated by the European Commission on the basis of an adequacy decision as a country with a comparable level of protection, or the third party may use Binding Corporate Rules or by using the Standard Model Clauses. These are standard contracts drawn up by the European Commission for the transfer of personal data to countries that do not offer the same level of protection as within the EEA.

Your personal data may be subject to investigation by competent national authorities of the countries where such data is processed, both during and after processing. In addition, Eneco can become legally obliged to provide your personal data to government bodies, regulators, police or, for example, appointed advisors (such as an administrator or lawyer).

Eneco can also share your personal data (or a derivative of this data) with non-commercial research institutions and government organizations for the purposes of research, and the development of government policy in the field of renewable energy, climate and smart energy networks.

Your personal data will not without your consent be sold to third parties, who will further process the data processed for their own purposes.

You have a number of rights with regard to the personal data that Eneco has about you. These rights are explained below. Rights are not absolute, there may always be possible exceptions that result in a situation where we cannot comply to your request. If so, we will explain the circumstances to you.

If you send Eneco a request about one of these rights, Eneco will respond to this within four weeks. You can submit your request by mail or digital. Send your request to Eneco citing 'Privacy' in writing to Antwoordnummer 5166, 3000 VB Rotterdam. Or use the contactform and choose ‘Privacy’ under ‘Subject of question/complaint’. In the request you must specify (as far as is possible) the personal data to which your request relates. You must also provide together with your request your name, address and telephone number. Making a request is free of charge unless you make unfounded or excessive requests.

Before we can comply with your request, we are legally obliged to identify you.

Right of access to your personal data

You have the right of access to your personal data. This means that at the Eneco department where you purchase products and/or services, you can request which personal data is processed and for which purposes that data is used.

Right to rectification of your personal data

You have the right to have your personal data rectified or completed if this information is incorrect or inaccurate.

Right to erasure (“right to be forgotten”)

You can also request Eneco to erase your personal data. Eneco does not always have to comply with such request. If you withdraw your consent to processing Eneco does not have to erase your personal data if there is another legal basis for processing that data. For example, Eneco will not delete the personal data if Eneco is legally obliged to keep your data or because the data are required to provide products and/or services to you.

Right to object

You can object to the processing of personal data for direct marketing or because of your specific situation. This only applies to processing under the basis of legitimate interest.

Right to restriction of processing

If you think that the processing of your data by Eneco is unlawful or if Eneco no longer needs your data, but you do not want this data to be erased, you can request a restriction of the processing. Your data will then be stored but will in principle not be used anymore. The request for restriction can also be made if you are still waiting for access to your data or an answer to your objection to the use.

Right to data portability

You can request Eneco to provide the data that Eneco has from you to you (electronically) or you can request Eneco to transfer this data to another entity.

The right to data portability applies only to personal data collected on the basis of consent or on the basis of the entry into, and performance of, a contract.

In addition, it only applies to personal data provided by, and related to, you. This includes both personal data that have been actively and consciously provided by you (such as your e-mail address when entering into your contract with Eneco), as well as personal data that has been provided by using a device or service (for example data collected via the Eneco App or Toon). Derived data (for example an interest profile built up by registering visitor behaviour) is explicitly excluded from the right to data portability.

When processing personal data in the Netherlands, Eneco is bound, among other things, to:

• The General Data Protection Regulation ('GDPR')
• The Smart Meters Code of Conduct for energy suppliers
• The Processing Code of Conduct for Other Services Providers 
• The Telecommunications Act
• The Code of Conduct Telemarketing 

The Smart Meters Code of Conduct for energy suppliers and the Processing Code of Conduct for Other Services Providers are approved by Dutch Data Protection Authority.

Your personal data will be stored carefully and no longer than is necessary for the purpose for which it was processed. Within Eneco, your personal data can only be used by employees who need to have access to this, given their function. Our employees have a duty of confidentiality. Do we want to use data for a purpose other than that for which they were originally processed? Then we can only do that when there is a close relationship between the two purposes.

Your personal data can also be exchanged between the business units of Eneco. But only if there is a ground to do so and if this is compatible with the purpose for which the data was collected.

Eneco takes appropriate technical and organizational measures to protect your personal data against destruction (accidental or unlawful), loss, misuse, forgery, unauthorized access or spreading or any other form of unlawful processing of your personal data. For example, Eneco can use encryption, access codes and pseudonymisation of personal data. In doing so, Eneco weighs the risks, the technical possibilities and the implementation costs.

Eneco believes it is very important that your data is secure. If, for example, data has been lost or accessible where it shouldn’t, we would appreciate it if you inform us as soon as possible. So that we can contact the data subjects involved and inform the regulator about this where necessary. You can do this via meldpuntdatalekken@eneco.com. Mention your name in your e-mail, possibly the organization you work for, your telephone number and a short description of the data breach.

Eneco adheres to the notification requirement for data breaches. This means that we report a serious data breach of personal data to the Dutch Data Protection Authority within 72 hours after having observed the data breach. Have you discovered a (possible) data breach? Please notify us as soon as possible, but in any case within 24 hours after you have detected the data breach. More information.

For questions or complaints about the processing of personal data by Eneco, you can contact us by mail or digital. You can send your question of complaint to Antwoordnummer 5166, 3000 VB Rotterdam citing ‘privacy’ and the department where your products and/or services are purchased. Or use the contactform and choose ‘Privacy’ under ‘Subject of question/complaint’.

In addition, you can file your questions or complaints about the processing of personal data with the Data Protection Officer ("DPO") that Eneco has appointed to supervise compliance with the GDPR. In that case, you can contact the DPO directly, who can be reached by e-mail via meldpuntprivacy@eneco.com. You can also contact the Dutch Data Protection Authority directly to file a complaint.

Yes, our privacy statement may change from time to time. Changes in law or in our products and/or services may have consequences in the way we process your personal data. In that case the privacy statement will be adjusted and we will inform you about it. You can always find the latest version of our privacy statement at this website.

Version: November 2023

Eneco uses two types of data storage in your browser when offering its services online: cookies and local storage.

Eneco’s websites use cookies. Cookies are small files we put on your desktop computer, tablet or smartphone when you use our websites. We use cookies for the following purposes:

• For research, website optimization and improving the user experience.
• To store your preferences entered on the website.
• To inform you as well as possible about our products and services. We show you content and information that is most relevant and/or tailored to your preferences or interests. 

Some cookies are necessary. These cookies have no or small impact on your privacy. We always store these cookies when you visit our website to ensure it works correctly and allow you to use the functionalities of the website. For example to make sure you remain logged in, to use the question form, to become a customer online, to change your address and to remember login credentials for Mijn Eneco. We also use cookies to anonymously analyze your use of our website or to track whether an advertisement has led to a sale.

Our website uses more cookies that are useful, but not necessary. These cookies allow you to give feedback or share messages on social media and enable us to show you more relevant advertisements on websites of third-parties. These cookies may collect data outside of our website. However, we only put these cookies on our website after you have given us your consent. Consent can always be withdrawn. You can do this by changing your browser settings. 

Would you prefer that no cookies are stored on your browser? You can turn them off in your browser settings. Note: this means that all the functionalities of the website may not work on your desktop computer, tablet or smartphone.

Here you find an overview of cookies, with their associated functionalities, that are always stored on your desktop computer, tablet or smartphone when you visit our website. We also list whether your consent is needed to store the cookie.

Sometimes data is not stored in a cookie, but in the ‘local storage’ of your browser. Eneco uses HTML5 Local Storage to store data. These work in a similar way to cookies, but allows for more information to be stored. With local storage you decide how long the browser stores the data. This depends on your browser settings and/or how often you delete the history of your browser.

A tracking pixel is an electronic file (size normally 1 x 1 pixel) that is attached to an e-mail (for example our newsletter). By using a tracking pixel, we can see if an e-mail has been read.