This Privacy Policy was updated in October 2023.
Gemserv operates the Smart Energy Code (SEC) (https://smartenergycodecompany.co.uk/) and Smart Meter Device Assurance (SMDA) (https://smda-scheme.co.uk/) websites, and provides Secretariat functions, alongside and on behalf of SECCo. We take the privacy of our website users very seriously. We ask that you read this Privacy Policy (“the Policy”) carefully as it contains important information about how we will use your personal data in accordance with the Data Protection Act 2018 or the UK General Data Protection Regulation (“UK GDPR”).
This website is not intended for children, and we do not knowingly collect data relating to children. This website is also not intended to cover personal data processed for recruitment or employment purposes.
Our use of any information we collect about you when you visit this website and use our services will be governed by this Privacy Policy. This Privacy Policy should be read in conjunction with the Terms of Use of this website.
Who are we?
SECCo Ltd (“SECCo”) and Gemserv Ltd (“Gemserv”) work together to deliver on the commitments of the Smart Energy Code. Gemserv fulfil the role of the Smart Energy Code Administrator and Secretariat (SECAS), as defined within the SEC. For more information on Gemserv, please see Gemserv’s Privacy Policy here.
SECAS provides advice and support to the SEC Panel and its sub-committees, as well as providing support and assistance to Parties in relation to the SEC and its obligations through the provision of a helpdesk, guidance materials, Party Engagement Analysts and education seminars. Please see here for more information about SECAS.
The delivery of the Smart Energy Code is achieved by the sharing of personal data between SECCo and SECAS (Gemserv). For the purposes of relevant legislation, Gemserv and SECCo are joint data controllers of your personal data (i.e. are jointly responsible for and control the processing of your personal data as detailed in this policy). We perform all processing of your personal data as joint controllers, which means that we are jointly responsible to you under data protection legislation for that processing.
Full company details of SECCo are as follows:
Name: Smart Energy Code Company Limited, Company number 08430267
Registered office address: 8 Fenchurch Place, London, EC3M 4AJ
Full company details of Gemserv are as follows:
Name: Gemserv Limited, Company number 04419878
Registered office address: 8 Fenchurch Place, London, EC3M 4AJ
If you have any questions about this privacy policy or our privacy practices, please email SECAS at dataprivacy@gemserv.com.
Our Processing Roles
SECAS has primary responsibility for the day-to-day processing of your personal data as it collects the data from you and has direct contact with you. As such, SECAS is responsible for the following activities:
- Acting as your main point of contact for any data protection related queries via the dataprivacy@gemserv.com mailbox;
- Liaising with the Information Commissioner’s Office (ICO), where required;
- Responding to data subject requests with input from SECCo, where required;
- Providing you with information about our processing, including this privacy notice;
- Ensuring that personal data is processed in accordance with data protection laws.
SECCo is responsible for the following activities:
- Assisting SECAS with data subject requests, where required;
- Ensuring that personal data is processed in accordance with data protection laws and this privacy notice.
Personal information collected
We collect your personal data for the following purposes:
Purpose of Processing | Data Types | Lawful Basis |
---|---|---|
To allow you to accede to the SEC code | Name Email Address Company Name Phone Number | Legitimate Interest – Provision of SEC Administration & Secretariat Services |
To share your information with Alt HAN and the DCC when you accede to the code or when you update your details | Name Email Address Company Name Phone Number | Consent |
To appoint company directors to SECCo | Name Email Address Work Address Phone Number Home Address Date of Birth | Contractual Obligation |
To send documentation to, and ensure quoracy of meetings with, members | Name Email Address Company Name Phone Number | Legitimate Interest – Provision of SEC Administration & Secretariat Services |
To send out communications to members of Committees and Working Groups | Name Phone Number Company Address | Legitimate Interest – Provision of SEC Administration & Secretariat Services |
To send out communications to SEC Parties | Name Phone Number Company Email Address | Legitimate Interest – Provision of SEC Administration & Secretariat Services |
To inform SEC Parties and others on their progress under the User Entry Process | Name Email address Company Name SEC Party’s User Roles | Consent |
To provide website users with our newsletter | Name Phone Number Company Address | Consent |
To carry out assessments under the SEC | Name Email address Phone number Company address Company Name User ID | Legitimate Interest – Provision of SEC Administration & Secretariat Services |
To register to Codeworks to view the digitised SEC | Name Party Name Party Type Email Address Company address | Consent |
To track active and disabled Codeworks accounts | Name Email address Company name | Legitimate Interest - Ensuring the digitalisation and security of systems |
To maintain an operations contact list in relation to critical alerts | SEC Party Name Name Phone Number Email Address | Legitimate Interest – Provision of SEC Administration & Secretariat Services |
To maintain the CPL Submission log | Name Email Address Company Name Phone number | Legitimate Interest - Provision of SEC Administration and Secretariat Services |
To maintain a list of manufacturer contact details for the Firmware Information Repository | Name Email Address Company Name Phone Number | Legitimate Interest - Provision of SEC Administration and Secretariat Services |
To respond to communications, including enquiries and complaints, received through our website contact form or the SECAS Helpdesk | Name Email address Contents of message and historic communications | Legitimate Interest – Provision of SEC Administration & Secretariat Services |
To allow current SMDA members who are not SEC Parties to continue to access SMDA Material | Name Party Name Email address Invoicing address PO information (if required) | Legitimate Interest – Provision of SEC Administration & Secretariat Services |
To allow SEC Parties access to SMDA material | Name Email Address Company Name Phone Number | Legitimate Interest – Provision of SEC Administration & Secretariat Services |
To update and/or process details you submit on online forms, including the Smart Energy Code (SEC) Party contact form, Change of Party Details form, Security Assessment Application form, etc. | Name Email address Company address Phone number | Legitimate Interest – Provision of SEC Administration & Secretariat Services |
To register for a user account | Name Company Name Username Email address Temporary Password | Consent |
To send you questionnaires and surveys | Name Phone Number Email Address SEC Party Name | Consent |
To process invoices | Name Email address Bank account details | Legal Obligation – As necessary for financial and tax purposes |
To process your application for device testing and process device testing reviews, including final test report, Statement of Assurance and Rectification plan | Name Company name Email address | Legitimate Interest – Provision of SEC Administration & Secretariat Services |
To be listed as members of committees on our websites | Name Company Name | Consent |
To manage meeting attendance confirmation to update attendee lists | Name Company Name Company Position | Legitimate Interest - Provision of SEC Administration and Secretariat Services |
To conduct data analysis on the premature removals of AMR and SMETS meters | MPAN Core MPAN Trading Status MPAN Trading Status EFD Metering Point Address Metering Point Postcode GSP Group Distributor Current Supplier Profile Class Smart Metering Equipment Technical Specification Version Meter serial number Meter Type Meter Asset Provider Meter Installation Date | Legitimate Interest - to fulfil SECAS's obligations under the SEC code, including reducing costs to the energy industry. |
To create and share podcasts about modifications to the Smart Energy Code | Name Voice Recording | Legitimate Interest - to provide interested parties with updates on modifications to the SEC to provide a better service to individuals |
To host SEC Engagement Day Videos | Name Company name Position in company Video recordings User ID | Legitimate Interest - to provide interested parties with updates on modifications to the SEC to provide a better service to individuals |
We may also conduct data processing:
- To enforce the terms of any contract between you and us, including our Website Terms of Use;
- As required by any law or regulation and/or requested by regulatory bodies or law enforcement organisations.
We also collect personal data through Cookies, with your consent. Please see the Cookies section below for more information, as well as our Cookie Banner.
Disclosure of your information
Your information may be disclosed to any or all of the following:
- Through business contact information on our website, to other SEC Parties;
- Our employees, contractors or other personnel;
- Our third-party service provider Audacity who may process staff data in the course of editing podcasts and videos;
- Third party service providers YouTube and Vimeo, where podcasts and videos from SEC Engagement Days might be uploaded and hosted;
- Third-party service providers who may store your personal data or use it in the course of services we request, including our SMDA testing houses, Codeworks for managing the digitised SEC, and Microsoft Dynamics for managing support tickets;
- The Data Communications Company (DCC) as needed for services that the DCC will provide to you;
- Alt HAN Co as needed for services that Alt HAN Co will provide to you;
- The User IPA, Deloitte, for conducting Privacy Assessments and User CIO, Deloitte, for conducting Security Assessments;
- The energy regulator, Ofgem, if needed for regulatory purposes;
- DJS Research Ltd, for conducting our customer satisfaction survey;
- As necessary in order to investigate, respond to, and address any issues or complaint raised by you;
- As otherwise required to enforce the SEC or comply with legal or regulatory obligations or requests, such as with governmental departments such as BEIS and Ofgem;
- Auditors, contractors or other professional advisers of SECCo;
- Shareholders, officers or directors of SECCo; or
- As otherwise stated, when your information was provided or collected.
We require all third parties that we are responsible for to respect the security of your personal data in accordance with legal requirements under the GDPR. Additionally, we do not allow third parties to use your data for purposes other than those we have specified.
Where personal data is shared with the DCC, the DCC will be considered separate data controllers for this purpose. Please consult the DCC’s Privacy Policy for further information.
Marketing and Opting-Out
We will only contact you by email about our work and its progress if you have asked us to do so. If you have changed your mind and would prefer us not to contact you, then you can opt out at any time.
Use of cookies in connection with the website and our Cookie Policy
Cookies are small files saved to your computer’s hard drive that track, save and store information about your interactions and usage of our website. Cookies allow us to store your preferences to correctly present content, options or functions throughout our website. They also enable us to see information like how many people use our website and what pages they tend to visit.
Cookies have different durations. Temporary cookies, such as those only valid for your browsing session, expire when you close your browser. Permanent cookies, however, will remain on your computer for a longer period until you delete them. We may also use the information gathered from Cookies to compile reports to improve the functionality and user experience of our website.
Cookies can be set by different actors. Typically, this occurs in two cases:
- First-party cookies: These are cookies set by this website for our visitors.
- Third-party cookies: These are typically set by other websites whose features run on our website (such as social media plugins). We do not control the use of third-party cookies. Some third-party cookies may be set by Google. For more information regarding Google’s use of cookies, please see Google’s Cookie Policy.
Cookies have different purposes. We typically use the following cookies:
- Functional Cookies: Cookies that are strictly necessary to enable you to move around our websites or to provide certain basic features. This includes basic features such as playing videos, and storing information already entered (e.g. username, language, location). These include:
Name | Description | Type | Lifespan |
---|---|---|---|
PHPSESSID | This cookie is required by our website software and stores no personal information | First Party | Session |
_wpfuuid | This cookie is required by our website software and stores no personal information | First Party | 11 years |
Complz_choice | This cookie records which cookies you consent to | First Party | 13 days |
Complz_id | This cookie records which cookies you consent to | First Party | 13 days |
Complianz_policy_id | This cookie records which cookies you consent to | First Party | 13 days |
_cf_bm | This cookie identifies and mitigates automated traffic to protect our site from bots | Third Party | A few seconds |
- Statistics: We may deploy cookies that monitor the popularity of sections of our website. These include:
Name | Description | Type | Lifespan |
---|---|---|---|
_ga | This cookie assigns a unique ID to users and to pages to understand how users navigate through our website. | First Party | 2 years |
_gid | This cookie assigns a unique ID to users and to pages to understand how users navigate through our website. | First Party | A few seconds |
_gat_UA-nnnnnnn-nn | This cookie assigns a unique ID to users and to pages to understand how users navigate through our website. | First Party | A few seconds |
_gat_gtag_xxxxxxxxx xxxxxxxxxxxxxxxxxx | This cookie assigns a unique ID to users and to pages to understand how users navigate through our website. | First Party | A few seconds |
Your rights in relation to cookies.
We generally only place cookies with your consent when you first visit this website, apart from Functional Cookies, which are mandatory for this website to operate. If you want to avoid this website placing Statistics and Marketing Cookies on your browser, you can use our Cookie Banner to deselect all cookies besides the Functional Cookies when visiting this website. You may also set your browser settings to attempt to reject all cookies, or manually delete the Cookies, and may still use this website.
Information Security
We will use technical and organisational measures to safeguard your personal information from being accidentally lost, used or accessed in an unauthorised manner, altered or disclosed. In particular, we use strict access and authentication controls on our databases, and, where possible, use encryption in transit when sharing files via email.
Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the Internet is not entirely secure, and for this reason we cannot guarantee the security or integrity of any personal data or other information that is transferred from you or to you via the Internet.
Additionally, we have put into place procedures to deal with any suspected data breach and will notify you of such when we are legally required to do so.
Storage of your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we have collected it for (as outlined above), or as long as we are required to maintain it by law.
Purpose of Processing | Retention Period |
---|---|
To accede to the SEC code | Duration of membership of SEC, otherwise up to one year |
To appoint company directors to SECCo | Duration of membership of Board |
To send documentation to, and ensure quoracy of meetings with, members | Duration of membership of SEC/Committee/Board (whichever is longer) |
To send out communications to members of Committees and Working Groups | Duration of membership of SEC/Committee/Board (whichever is longer) |
To send out communications to SEC Parties | Duration of membership of SEC, otherwise up to one year |
To inform SEC Parties and others on their progress under the User Entry Process | Duration of membership of SEC, otherwise up to one year |
To allow website users to sign up to our newsletter | Duration of the provision of service or until you withdraw consent, whichever is sooner |
To carry out assessments under the SEC | Duration of membership of the SEC |
To register to Codeworks to view digitised SEC | 5 years or until you remove your account, whichever is sooner |
To track active and disabled Codeworks accounts | For the duration of the provision of Smart Energy Code administration services by Gemserv, with details updated as account status changes |
To maintain an operations contact list to be contacted in relation to critical alerts | For duration of membership of the SEC |
To maintain the CPL Submission log | For duration of membership of the SEC |
To maintain a list of manufacturer contact details for the Firmware Information Repository | For duration of membership of the SEC |
To respond to communications, including enquiries and complaints, received through our website contact form and SECAS Helpdesk | Up to 7 years |
To allow current SMDA members who are not SEC Parties to continue to access SMDA Material | Duration of membership of the SMDA |
To allow SEC Parties access to SMDA material | Duration of membership of the SMDA/SEC |
To update and/or process details you submit via online forms, including the Smart Energy Code (SEC) Party contact form, Change of Party Details form, Security Assessment Application form, etc. | Duration of membership of SMDA/SEC |
To register for a user account | For the duration of your membership of SMDA/SEC |
To send you questionnaires and surveys | Up to 6 years, unless you withdraw consent |
To process invoices | Up to 7 years |
To process device assurance | For the duration of membership of SMDA |
To be listed as members of committees on our website | Duration of membership of relevant committee |
To manage meeting attendance confirmation to update attendee lists | Up to 7 years |
To conduct a data analysis on the premature removals of AMR and SMETS meters | Duration of the research project |
To create and share podcasts about modifications to the Smart Energy Code | To create and share podcasts about modifications to the Smart Energy Code |
To host SEC Engagement Day Videos | Youtube/Vimeo/SECAS Sharepoint: Duration of the provision of SECAS services |
Use of your personal information submitted to other websites
SECCo/Gemserv cannot be responsible for the privacy policies and practices of other non-SECCo websites, even if you accessed the third-party website using links from our Website, or you linked to our Website from a third-party website.
Transferring your personal data outside the UK
SECCo only stores personal data on systems located within the United Kingdom. However, we may need to transfer your personal information to third parties located in countries outside of the United Kingdom for the purposes of providing Administration and Secretariat services. Where we do so, we will ensure that such transfers are subject to appropriate security measures, risk assessments and contractual controls as necessary to safeguard your personal information.
This may involve transferring your personal data:
- where the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR;
- where there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or
- where a specific exception applies under relevant data protection law.
Where we transfer your personal data outside the UK we do so on the basis of legally approved standard data protection clauses recognised or issued further to Article 46(2) of the UK/EU GDPR and Part 3 of Schedule 21 to the Data Protection Act 2018.
Any changes to the destinations to which we send personal data or in the transfer mechanisms we rely on to transfer personal data internationally will be notified to you.
International transfers of your personal data outside the UK—in more detail
More details about the service providers to which your personal data is transferred are set out in the table below.
Recipient country | Recipient | Processing operation (use) by recipient | Lawful safeguard |
---|---|---|---|
United States | Vimeo, Inc (“Vimeo”): see Vimeo’s Privacy Policy; YouTube LLC (“YouTube”): see YouTube’s Privacy Policy | To upload and host video content on their platforms | Legally approved standard data protection clauses recognised or issued further to Article 46(2) of the UK GDPR and Part 3 of Schedule 21 to the Data Protection Act 2018 |
Your rights in relation to your information
Under certain circumstances, you may have certain rights under data protection laws in relation to your personal data which are as follows:
- Request access to your personal data – This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of your personal data – This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data – This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
- Object to processing of your personal data.
- Request restriction of processing your personal data – This enables you to ask us to suspend the processing of your personal data in specific circumstances.
- Request transfer of your personal data to you or to a third party – We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
- Right to withdraw consent, where consent has been given to the processing. Please see the section ‘Marketing and Opting Out’ above for more information.
You can write to us to request access to your personal information and other rights at:
Smart Energy Code Company Limited
8 Fenchurch Place
London
EC3M 4AJ
We will require proof of your identity before responding to any request from you.
In addition, if you have any enquiry about this Privacy Policy or data protection practices, please write to the Legal Department at the above address.
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) on any data protection issues.
Updating your details
Additionally, if any of the information that you have provided to us changes, please let us know the correct details by sending an email to dataprivacy@gemserv.com where we have the facility to log in to the website and update any user details.
Contact Information
If you have any questions about this privacy policy or our privacy practices, please email us at dataprivacy@gemserv.com.
We may change this Privacy Policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access the Website.
These terms shall be governed by and construed in accordance with the laws of England and you and we agree to submit to the exclusive jurisdiction of the courts of England and Wales.