Skip to main content

Privacy Policy

Privacy Policy


This Privacy Policy is provided by DCUSA LIMITED (“we” or “us“). We are the company established for the purposes of the Distribution Connection and Use of System Agreement (“DCUSA“).

We are a ‘controller’ for the purposes of the Data Protection Act 2018 and other applicable data privacy legislation (collectively the “Data Protection Laws“). This Privacy Policy applies to the personal data we collect in relation to the provision of our business, suppliers that we work with and in responding to general enquiries. We take your privacy very seriously and ask that you read this Privacy Policy carefully as it contains important information about our processing and your rights.


If you would like this Privacy Policy in another format (for example: audio, large print, braille) please contact us at the details below:

·             Position: Privacy Manager
·             Address: DCUSA Limited, Northumberland House, 303-306 High Holborn, London WC1V 7JZ
·             Email: [email protected]


The latest version of the Privacy Policy can be found here ( We may change this Privacy Policy from time to time. We will alert you on our website ( when changes are made.

Current version: December 2020


DCUSA Party Data

When the organisation you work for signs up as a party to the DCUSA, they may nominate you as one of their representatives or give your details for the purposes of receiving communications. If so, we collect your name, job title, work address, phone number and email address.

Website Account

If you set-up an online account for our website, we collect your user ID and password for the account, and your website usage.

DCUSA Panel, Committee or Workgroup Data

When you join a DCUSA panel, committee or workgroup, we collect your name, job title, gender, work address, phone number and email address. If you are a director of DCUSA Ltd we also collect your date of birth. If you are to be remunerated or have your expenses refunded we also collect your bank account details. Your attendance at meetings, and the views you express, will be recorded as part of the meeting minutes which we draft and manage.


We collect the name, job title, work address, phone number and email address of the relevant contact point for our service providers and other suppliers (includes prospective, current and previous suppliers).

General Enquiries

When you contact us for general enquiries we collect your name, contact details and information regarding your query.

Data relating to detection and investigation of energy theft

Acting for licensed energy suppliers, we manage a number of regulated schemes concerned with prevention, detection and investigation of energy theft in Great Britain. In this role, we control the collection of the following data in relation to energy customers in Great Britain: name, address, energy usage, meter details, and status of investigations of instances of possible energy theft.


We use your personal data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section “How is processing your data lawful” for further detail).

Personal Data processed Purpose Legal Basis
DCUSA Party Data ·      Provide you with notices, invoices and other communications under or in relation to the DCUSA.

·      Arrange meetings, record meeting minutes and other administrative matters in relation to the DCUSA.

·      Request feedback from DCUSA parties to make improvements to our services.

·      Publish contact information on the DCUSA website e.g. Contract Managers and other operational or escalation contacts for use by other DCUSA parties.

Legitimate Interest
Website Account ·      Provide access to the private section of our website.

·      Provide other website functionality.

Contract, Legitimate Interest
DCUSA Panel, Committee or Workgroup Data ·      Provide you with notices under the DCUSA.

·      Arrange meetings and record meeting minutes and other administrative matters relating to the DCUSA.

·      Provide industry training and information sessions.

·      If applicable, pay remuneration and refund expenses.

·      Panel Members website page also includes a photograph and short biography to inform relevant parties who they are represented by on the panel.

Contract, Legitimate Interest
Suppliers ·      Manage and administer the contract that we have with our suppliers.


Contract, Legitimate Interest
General Enquiries ·      Respond to your request for information about our services Legitimate Interest


Furthermore, we will process your personal data for the following purposes:

  • Comply with any procedures, laws and regulations which apply to us; and
  • Establish, exercise or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others.


We are allowed to process your personal data based on the following legal bases for the purposes explained in the previous section “Why do we process your personal data”:

  • Legitimate Interests – We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in our interests. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The table in the previous section “”Why Do We Process Your Personal Data” explains the personal data processed on this basis.

You can object to processing that we carry out on the grounds of legitimate interests. See the section headed “Your Rights” to find out how.

  • ContractIt is necessary for our performance of the contract you have agreed to enter with us. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.
  • Legal obligationWe are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory rules, and to make mandatory disclosures to government bodies and law enforcement agencies.


The following categories of personal data will be kept for the following periods.

Data we process How long this will be held for
DCUSA Party Data 6 years
Website Account 6 years
DCUSA Panel Committee or Workgroup Data 6 years
Suppliers 6 years
General Enquiries 6 years



We use external providers that act as our processors who provide typical services required by all organisations such as website development and IT hosting. These providers process your personal data as part of the services they offer to us. We take steps to ensure that our service providers process your data in accordance with the Data Protection Laws, only use it in accordance with our contract with them and keep it secure. If you would like more information about our processors, please contact us using the details at the “How to contact us” section.

We also share your personal data with the following external parties who act as separate controllers of your personal data:

 External Party Purpose and Types of Data Shared
DCUSA Parties and members of the Panel, Committees or Workgroups Contact details, meeting agendas and minutes and other of your details are shared between those who participate in the governance or administration of the DCUSA for DCUSA related purposes.
Regulators Contact details, meeting agendas and minutes and other of your details are also shared with Ofgem as part of the process for governing and administrating the DCUSA.
Secretariat Our main service provider is the Secretariat function which performs the role described in the DCUSA. This is currently Electralink Ltd.
Other Energy Code Bodies From time to time we may share your details with the companies who manage other energy industry codes for the governance and administration of those codes.
Professional Advisors We share your personal data with professional advisors including (but not limited to) accountants, lawyers and auditors to receive their services.


We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities.


As a data subject, you have the following legal rights under the Data Protection Laws in relation to your personal data. You can exercise these rights free of charge, by contacting us (please see “How to contact us“). We will respond to any rights that you exercise within a month of receiving the request unless the request is particularly complex, in which case we will respond within three months.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Please be aware that there are exceptions and exemptions that apply to some of these rights, which we will apply in accordance with the Data Protection Laws.

1.      Right of access You have the right to obtain access to your personal data we process and certain other information (similar to that provided in this Privacy Policy).

To help us find the information, please give us as much information as possible about the type of personal data you would like to see.

2.      Right to rectification You are entitled to have your information corrected if it is inaccurate or incomplete.
3.      Rights to ask us to stop contact you with direct marketing You can ask us to stop contacting you for direct marketing purposes.
4.      Rights in relation to automated decision making These rights are not applicable as we do not carry out any automated decision making.
5.      Right to erasure This is also known as the ‘right to be forgotten’ and enables you to request the deletion or removal of your information where:

·         You do not believe that we need your data in order to process it for the purposes set out in this Privacy Policy;

·         If you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;

·         You object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or

·         Your data has been processed unlawfully or have not been erased when it should have been.

6.      Right to restrict processing You have rights to ‘block’ or suppress further use of your information. When processing is restricted we can still store your information, but may not use it further. You may request that we stop processing your personal data temporarily if:

·         You do not think your data is accurate. We will start processing again once we have checked whether or not the data is accurate;

·         The processing is unlawful but you do not want to erase your data;

·         We no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or

·         You have objected to the processing because you believe that your interests should override [the companies] legitimate interests.

7.      Right to data portability You have rights in certain circumstances to obtain and reuse your personal data for your own purposes across different services.
8.      Right to object to processing You have the right to object to certain types of processing, including processing based on our legitimate interests and processing for direct marketing.
9.      Right to withdraw consent If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time.


What if your rights are breached?

You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.

Complaints to the regulator

It is important that you ensure you have read this Privacy Policy. If you do not think that we have processed your data in accordance with this Privacy Policy, you should let us know as soon as possible. You also have the right to complain to the Information Commissioner’s Office. Information about how to do this is available on its website at