Customer privacy

GRI 418

Management approach

GRI 103
(103-1, 103-2, 103-3)


Since the entry into force of the General Data Protection Regulation (GDPR) in 2018, the processing of personal data has become even more important, both within the company as well as externally with regard to data flows.

As an international energy company, Alpiq operates in all major European markets, which is why the GDPR is of key importance to Alpiq. Alpiq runs a data protection management system and has appointed a Data Privacy Officer (DPO) for the Group. Alpiq's DPO is supported by local data protection partners (coordinators) who ensure data privacy compliance in accordance with the GDPR and all other applicable local regulations. The data privacy experts maintain a regular exchange and participates in further development activities. Alpiq’s strategic focus lies primarily on B2B business.

Management approach

Trust is a fundamental prerequisite for Alpiq’s sustainable success. Alpiq is therefore committed to handling personal data with the utmost care. All employees are trained in the respectful handling of personal data in accordance with the applicable rules and regulations. Alpiq considers data privacy to be more than a legal requirement; it is an integral part of business practices, as demonstrated by the "Privacy by Design" and "Privacy by Default" concepts that have been introduced. To underline this approach, the procedures were anchored in the internal rules for data privacy, which were approved by the Executive Board in 2018.

Alpiq’s DPO manages the privacy management system together with the local privacy partners (coordinators) in all operating jurisdictions. The DPO is part of Alpiq’s compliance team and ensures that this matter is given the importance and attention it requires.. Alpiq has standard procedures for handling data subject requests and data breaches, as well as for recording complaints. Transparency and data privacy play a central role in Alpiq’s relationships with its customers and partners. Alpiq operates a state-of-the-art privacy management tool for the uniform management of all aspects of personal data.

Substantiated complaints concerning breaches of customer privacy and losses of customer data

GRI 418-1

Alpiq recorded one substantiated complaint by a regulatory authority during the reporting year as a result of a technical error. Email addresses were automatically and erroneously placed in emails to other customers.

The malfunctioning automatism was immediately eliminated and an improvement in the process was initiated. Alpiq expressed its regret about this incident in writing to those affected. The concerned authority has issued a caution.