Scottish Power Limited (“ScottishPower”) respects the privacy of everyone who uses its services. We are obligated by the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR) to inform you of ways we use your personal information. Please read our privacy notice to understand our approach to processing your personal data. When you submit your personal information to us, you give us permission – where necessary and appropriate – to process it in ways outlined within this privacy notice.

What does this privacy notice cover?

The purpose of this privacy notice is to inform you of the ways in which your personal information is processed when it is provided by you via our website.

Who controls your personal information

You, the Data Subject, are the Data Controller of your Personal Information. The Data Processors of your personal information are as follows:

  • Scottish Power Limited (“ScottishPower”) with registered number SC193794 whose registered office is at 320 St. Vincent Street, Glasgow, G2 5AD

ScottishPower will only process your data on your behalf as Data Controller.

Why we collect your personal information

We collect your personal information for a number of reasons. Personal information that we collect is taken from a profile form, surveys and feedback for members.  

The reasons for collecting this information are as follows:

  • To better provide you with the required services or information
  • To respond to a query or request submitted by you

If you would like us to stop using your personal information at any time for any or all of the purposes outlined above, please contact us as set out in the ‘Contact us’ section and we will consider your request in line with the GDPR and any other applicable data protection legislation.

In accordance with GDPR, the lawful bases upon which we process your personal information are:

  • Consent – you have given us clear consent to process your personal information for a specific purpose
  • Legal obligation – the processing is necessary for us to comply with the law (not including contractual obligations)

Your personal information will occasionally be transferred to third party organisations, some of whom may be located outside of the European Economic Area (EEA), as part of the services that we offer to you. For example, this could happen if any of our servers that store your personal information are located in a country outside of the EEA, or when one of our service providers is located in a country outside of the EEA.

The agreements that we have with these third party organisations are such that they will not use your personal information for any other purposes other than those we have agreed with them. We explicitly request that any third party organisations with whom we share personal information implement adequate levels of protection to safeguard your personal information in accordance with the GDPR and any other applicable data protection legislation.

In line with this privacy notice, we will not share or transfer your personal information without your permission, unless we are under a legal obligation to do so (for example, for the purposes of legal proceedings or fraud/crime prevention) or where such an action is necessary to protect and/or defend our rights, property or the personal safety of our staff, customers or other individuals.

Non-personal information

In the course of interactions, we may automatically collect some of your non-personal information, such as the website from which you accessed ours or the type of internet browser you are using. We may also collect aggregated data which in itself does not personally identify you, such as your age or your city of residence. Information such as this is only used to help us provide an effective service and sometimes we may supply this non-personal information to third parties for statistical purposes.

Accuracy of your personal information

In line with this privacy notice, it is our responsibility to maintain the accuracy of the personal information we hold and process about you. If you would like to review, change or delete the personal information that you have given to us, please contact us as set out in the ‘Contacts’ section below.

Data retention

In accordance with our Retention Schedule, we will retain your personal information for no longer than 5 years but in the event of you been an employee of SP this period will be in accordance with the retention period as prescribed as part of your HR records retention schedule and once this period expires,all personal data will be securely destroyed.


If you visit our website we will collect and store your IP address, the browser software that you use and your activity on our website through cookies. More information about how we use cookies can be found via the Cookies section of our website. 

Other circumstances in which SPCW may disclose your Personal Information

We may disclose your Personal Information to any member of our Group, which means our subsidiaries, our ultimate holding company and its subsidiaries.

We may disclose your Personal Information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your Personal Information to the prospective seller or buyer of such business or assets, but only if such disclosure is reasonably required for the purposes of the sale or purchase;
  • If all or substantially all of our assets are acquired by a third party, your Personal Information may be one of the transferred assets;

If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of SPCW personnel


We have taken all reasonably applicable appropriate technical and organisational measures in accordance with the GDPR to protect your personal information against unauthorised or unlawful processing and against accidental loss, destruction or damage. We are committed to updating these measures appropriately as and when new technology becomes available.


In accordance with GDPR, you can contact us at to exercise any and all of the following rights that you have available in relation to our processing of your personal information:

  • Right of access – you have the right to obtain confirmation that your personal information is being processed and access to your personal information
  • Right to rectification – you have the right to have your personal information rectified if it is inaccurate or incomplete
  • Right to erasure (Right to be forgotten) – you have the right to request the deletion or removal of your personal information where there is no compelling reason for its continued processing by us
  • Right to restrict processing – you have the right to request that we block or supress processing of your personal information
  • Right to data portability – you have the right to obtain and reuse your personal information for your own purposes across different services as the processing is based on your consent
  • Right to withdraw consent – where we process personal information based on your consent, you have the right to withdraw this consent at any time

Additionally, you have the right to lodge a complaint with our Data Protection Officer at if you believe that your personal information is not being processed in line with this privacy notice. If you are not satisfied with the response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) by contacting:


Information Commissioner's Office
Wycliffe House
Water Lane

Tel: 0303 123 1113

Changes to our privacy notice

We may change this privacy notice from time to time. If we do, we will post the changes on this page and detail any substantial changes to the way in which we process your personal information if applicable. We recommend that you check our privacy notice on a regular basis to stay informed of any updates.