Terms and Conditions of Use

This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR).


The data

We will process the following personal data:

  • Green Deal (GD) Participant’s Contact Name, Position, Company name, Email address, Phone number, GD participant ID number
  • GD Customer Meter Point Administration Numbers relating to plan data flow
  • Credit safe checks, Criminal offence information on company Directors.


The purpose(s) for which we are processing your personal data is:

  • Authorisation of GD Providers and Certification Bodies (and withdrawal of authorisation where appropriate) and issue licences for the GD Quality Mark.
  • To maintain and publish the GD Participants Register, which allows consumers and others to find the names and contact details of GD Participants.
  • Provide information on the administration of the GD scheme to industry participants via the GD ORB website (including a member’s area) and a helpdesk service.
  • Report on information contained in the GD Participants Register and the ongoing administration.
  • Monitor GD Participants’ compliance with the Framework Regulations, GD Code of Practice and GD Branding Guidelines and address breaches identified.

Legal basis of processing

The legal basis for processing your personal data is:

(a) Legal obligation: It is necessary to comply with a legal obligation placed on us as the data controller to administer the Green Deal Framework (Disclosure, Acknowledgement, Redress etc.) Regulations 2012 and Energy Act 2011. It is a legal requirement to provide the information set out in the 2012 Regulations to become and remain a GD Participant.

(b) Public task: Processing is necessary for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the data controller, such as the exercise of a function of the Crown, a Minister of the Crown, or a government department; the exercise of a function conferred on a person by an enactment; the exercise of a function of either House of Parliament; or the administration of justice.  In this case it is to enable GD Participants to operate in the GD market (and therefore consumers to use the GD scheme) and to enable the provision of advice about the GD.

The processing of personal data relating to criminal convictions and offences or related security measures is not carried out under official authority, but is authorised because it meets one of the conditions for processing special category personal data set out in Part 2 of Schedule 1 to the Data Protection Act 2018:

Protecting the public against dishonesty etc

11        (1)       This condition is met if the processing—

(a) is necessary for the exercise of a protective function,

(b) must be carried out without the consent of the data subject so as not to prejudice the exercise of that function, and

(c) is necessary for reasons of substantial public interest.

(2)       In this paragraph, “protective function” means a function which is intended to protect members of the public against—

(a) dishonesty, malpractice or other seriously improper conduct,

(b) unfitness or incompetence,

(c) mismanagement in the administration of a body or association, or

(d) failures in services provided by a body or association.


Your personal data will be shared by us with

  • the operator of the GD Register, which records details of GD Plans and enables Participants to fulfil functions in line with the the Green Deal Framework (Disclosure, Acknowledgement, Redress etc.) Regulations 2012 and Energy Act 2011
  • Home Energy Scotland to allow them to provide advice about the Green Deal.


Your personal data will be kept by us for

  • as long as it is required under the 2012 Regulations or 2011 Act, or after the expiry or termination of all GD Plans issued by a GD Participant whichever is the later, unless a complaint has been made in which case we will retain the information for a further 2 years following the resolution of the complaint or where we have advised that there is no further action we can take; or
  • 1 year after our last correspondence with you where an application for GD Provider authorisation is requested but not fully pursued; or
  • where information is provided for us to review a complaint it will be retained for 2 years following the resolution of the complaint or where we have advised that there is no further action we can take.

Automated decision making

Your personal data will not be subject to automated decision making

Your Rights

You have the right to request information about how your personal data are processed, and to request a copy of that personal data.

You have the right to request that any inaccuracies in your personal data are rectified without delay.

You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.

You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.

You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.

You have the right to object to the processing of your personal data where it is processed for direct marketing purposes.

You have the right to object to the processing of your personal data.

International Transfers

As your personal data is stored on our IT infrastructure and shared with our data processors Microsoft and Amazon Web Services, it may be transferred and stored securely in the UK and European Economic Area. Where your personal data is stored outside the UK and EEA it will be subject to equivalent legal protection through the use of Model Contract Clauses.


If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an UK independent regulator.  The Information Commissioner can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane

0303 123 1113


Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Contact Details

The data controller for your personal data is the Department for Business, Energy & Industrial Strategy (BEIS). You can contact the BEIS Data Protection Officer at:

BEIS Data Protection Officer
Department for Business, Energy and Industrial Strategy
1 Victoria Street

Email: dataprotection@beis.gov.uk

Further information

Intellectual Property Rights

All the information and material on this website is provided for informational purposes only. The GD ORB is the owner of all copyright and other intellectual property rights in this website and its contents (including text and images) or such materials or otherwise appear with the consent of the copyright owner.

No Warranty

No representation, warranty or guarantee is made that the information accessible via this website, or any website with which it is linked, is accurate, complete or current. No warranty is made as to the availability of this site or that the functions used or materials accessible or downloaded from this site will be uninterrupted or free of errors, viruses or other harmful components. To the fullest extent permitted by law, in no event shall GD ORB be liable for any errors, omissions, misstatements or mistakes in any information contained on this site or damages resulting from the use of this site or any decision made or action taken in reliance of information contained in this site.


This privacy policy only covers the GD ORB website at URL and sub domains. Any other links within this site to other websites are not covered by this policy. GD ORB is committed to protecting the privacy of any users of this site and to complying with the terms of the Data Protection Act 2018. This Privacy Statement explains our data processing practices with regard to this website and the uses to which data collected is put.


To make sure our website functions correctly we use cookies.

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site.

Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to your needs. We only use this information for statistical analysis purposes.

A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

How to delete cookies

Please be aware that deleting cookies will impact on the functionality of our website

Our site will not use cookies to collect personally identifiable information about you. However, if you wish to restrict or block the cookies which are set by our website, or indeed any other website, you can do this through your browser settings. The Help function within your browser should tell you how.

Or you can visit www.aboutcookies.org which contains information on how to remove cookies from all the major browsers.

Cookies used within our website

This is a list of the cookies set by our website, and what each is used for:

Session hash– Used to authenticate users on the website.

  • Google Analytics– Used to understand how users navigate through our website, the service is provided by Google Inc. We then use the information gathered to compile reports to improve the functionality and user experience of our website. All information collected is anonymous.