The way you book Security and Privacy Assessments has changed. Our new Assessment Management System (AMS) is an online booking solution allowing SEC Parties, SECAS and the User CIO to fully manage the booking process via this platform. Please use the link below login to your account (except Triage Facility Providers*). If you have not received an account activation request from SECAS yet, please contact the Security and Privacy team. Further guidance on the new online booking tool is available here.
Assessment Management System (AMS)
*Triage Facility Providers can book an assessment here.
Privacy Policy
This Privacy Policy was created and last updated in May 2023.
Who are we?
SECCo Ltd (“SECCo”) and Gemserv Ltd (“Gemserv”) work together to deliver on the commitments of the Smart Energy Code that includes the management of SEC User and Party assessments. SECCo and Gemserv are joint data controllers of your personal data and are responsible for the provision of the Assessment Management System (“AMS”). For more information on how personal data is governed under the SEC, please see SECCo’s Privacy Policy here.
This Privacy Policy outlines how we will use your personal data in accordance with the Data Protection Act 2018 and the UK General Data Protection Regulation (“UK GDPR”).
Personal information collected
For the AMS system, we will collect, use and share your personal data for the following purposes:
| Purpose of Processing | Data Types | Retention Periods | Lawful Basis |
|---|---|---|---|
| To register authorised users and permit their access to the system | Name Email address Phone number Company address Company name Login credentials | For the duration that the organisation is a SEC Party plus 6 months | Legitimate Interest – Provision of SEC Administration & Secretariat Services |
| To schedule and confirm assessment bookings | Name Email address Phone number Company address Company name Assigned assessor | For the duration that the organisation is a SEC Party plus 6 months | Legitimate Interest – Provision of SEC Administration & Secretariat Services |
| To facilitate messages via the system | Name Email address Company name Message contents | 1 year | Legitimate Interest – Provision of SEC Administration & Secretariat Services |
We may also further process this data as required by any law or regulation to which we are obliged to comply with.
Disclosure of your information
Your information may be disclosed to any or all of the following:
- Our employees, contractors or other personnel;
- Third-party service providers, including Solstice Associates Limited, for the development and maintenance of the system, and Microsoft Azure for hosting the system;
- The User Independent Privacy Auditor, Deloitte, for conducting Privacy Assessments and User Independent Security Assurance Service Provider, Deloitte, for conducting Security Assessments;
- For other purposes or to other organisations as specified in SECCO’s Privacy Policy
We only store personal data on systems located within the United Kingdom. However, we may need to provide access to your personal data to third parties located outside of the United Kingdom for the purposes of providing Administration and Secretariat services. Where this occurs, it will be subject to equivalent legal protections, such as through the use of the ICO’s International Data Transfer Agreements or other appropriate safeguards.
Information Security
We will use technical and organisational measures to safeguard your personal information from being accidentally lost, used or accessed in an unauthorised manner, altered or disclosed. We use strict access and authentication controls on our databases, including the AMS. Additionally, we have put into place procedures to deal with any suspected data breach and will notify you of such when we are legally required to do so.
Your rights in relation to your information
Under certain circumstances, you may have the following rights under the UK GDPR:
- Request access to your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Object to the processing of your personal data
- Request restriction of processing your personal data
- Request transfer of your personal data to you or to a third party
- Right to withdraw consent, where consent has been given to the processing.
You make correct your details at any time:
- within this system;
- completing the online Change In SEC Party Details Form; or
- sending an email to dataprivacy@gemserv.com
For more information on how to contact us to exercise your rights or make a complaint at any time to the Information Commissioner’s Office (ICO), please see SECCO’s Privacy Policy.
If you have any questions about this privacy policy or our privacy practices, please email us at dataprivacy@gemserv.com