Privacy Policy, including Cookie Policy

This Privacy Policy was updated in December, 2021. 

Note: Following the implementation of SEC MP111 on 22nd January 2021, all SMDA services are being delivered through the Smart Energy Code Company Ltd (SECCo) and as such, this privacy notice applies to SMDA and SECCo services, including the SMDA and SECCo websites. For more information about what this means for you, please contact us at: SMDASO@gemserv.com or secas@gemserv.com 

Gemserv operates these websites (https://smartenergycodecompany.co.uk/https://smda-scheme.co.uk/) and provides Secretariat functions on behalf of SECCo. We take the privacy of our website users very seriously. We ask that you read this Privacy Policy (“the Policy”) carefully as it contains important information about how we will use your personal information in accordance with the Data Protection Act 2018 or the General Data Protection Regulation (Regulation 2016/679) (“GDPR”). 

For the purposes of relevant legislation, Gemserv Ltd (“Gemserv”) and SECCo Ltd (“SECCo”) are data controllers in their own rights (i.e. responsible for and control the processing of your personal information). 

This website is not intended for children, and we do not knowingly collect data relating to children. This website is also not intended to cover personal data processed for recruitment or employment purposes. 

Our use of any information we collect about you when you visit this website and use our services will be governed by this Privacy Policy. This Privacy Policy should be read in conjunction with the Terms  of Use of this website. 

Who are we? 

Full company details of SECCo are as follows: 

Name: Smart Energy Code Company Limited,  

Company number 08430267 

Registered office address: 77 Gracechurch Street, London, EC3V 0AS

 Full company details of Gemserv are as follows: 

Name: Gemserv Limited,  

Company number 04419878 

Registered office address: 77 Gracechurch Street, London, EC3V 0AS 

If you have any questions about this privacy policy or our privacy practices, please email us at dataprivacy@gemserv.com. 

 Personal information collected 

We typically collect personal information when you use this website or register for our services, including when you: 

Purpose of Processing  Data Types  Lawful Basis 
Accessions to the SEC code  Name 

Email Address 

Company Name 

Phone Number 

Contractual obligation 
To send documentation to, and ensure quoracy of meetings with, members  Name 

Email Address 

Company Name 

Phone Number 

Contractual obligation  
To allow website users to sign up to our newsletter  Name 

Email 

Phone Number 

Company Address 

Consent 
To carry our assessments under the SEC  Name 

Email address 

Phone number 

Company address 

Company Name 

User ID 

Contractual obligation 
To register to Codeworks to view digitised SEC  Name 

Party Name 

Party Type 

Email Address 

Company address 

Consent 
To respond to communications, including enquiries and complaints, received through our website contact form  Name 

Email address 

Contents of message 

Legitimate interest to respond to your communications 
To allow current SMDA members who are not SEC Parties to continue to access SMDA Material  Name 

Party Name  

Email address 

Invoicing address 

Purchase Order information (if required) 

Contractual Obligation 
SEC Parties requesting access to SMDA material  Name 

Email Address 

Company Name 

Phone Number 

Contractual obligation 
When you submit online forms, including the Accession application form, Smart Energy Code (SEC) Party contact form, Change of Party Details form, Security Assessment Application form, etc. 

 

Name 

Email address 

Company address 

Phone number 

Contractual Obligation 
To register for a user account  Name 

Company Name 

Username 

Email address 

Temporary Password 

Consent 
Respond to questionnaires and surveys  Name 

Email Address 

Consent 
To process invoices  Name 

Email address 

Bank account details 

Contractual obligation 
To process your application for device testing  Name 

Company name 

Email address 

Contractual obligation 
To receive device Assurance confirmation and device testing reviews including (final test report, Statement of Assurance and Rectification plan)  Name 

Company name 

Email address 

Contractual obligation 
To be listed as a SMDA Sub-Committee Member on the website  Name  

Company Name 

Contractual obligation 

 

We also collect personal data through Cookies. Please see the Cookies section below for more information, as well as our Cookie Banner. 

How we use your personal information 

We will use your personal information for the purposes described to you at the time you provided your data to us. These purposes include: 

  • Responding to and keeping a record of your enquiries; 
  • To enable us to record the details of parties wishing to accede to the SEC; 
  • To provide services required under the SEC, including organising events and meetings related to SEC activities; 
  • Maintaining relevant databases in relation to the SEC Party contact details; 
  • Sending Newsletters or information about our work and services; 
  • Any other processing for which you have given your consent; 
  • Enforcing the terms of any contract between you and us, including our website Terms of Use; 
  • Improving user website experience, such as through the use of Cookies; and 
  • Any processing required by any law or regulation and/or requested by regulatory bodies or law enforcement organisations. 

 Disclosure of your information 

Your information may be disclosed to any or all of the following: 

  • On our website, to other SEC Parties; 
  • Our employees, contractors or other personnel; 
  • Third-party service providers who may store your personal data or use it in the course of services we request, including our SMDA testing houses; 
  • The Data Communications Company (DCC) as needed for services that the DCC will provide to you; 
  • The energy regulator, Ofgem, if needed for regulatory purposes; 
  • As necessary in order to investigate, respond to, and address any issues or complaint raised by you; 
  • As otherwise stated when your information was provided or collected; and/or 
  • As otherwise required to enforce the SEC or comply with legal or regulatory obligations or requests, such as with governmental departments such as BEIS and Ofgem; 
  • Auditors, contractors or other professional advisers of SECCo; and 
  • Shareholders, officers or directors of SECCo. 

We require all third parties to respect the security of your personal data in accordance with legal requirements under the GDPR. Additionally, we do not allow third parties to use your data for purposes other than those we have specified. 

Where personal data is shared with the DCC, the DCC will be considered separate data controllers for this purpose. Please consult the DCC Privacy Policy for further information. 

Marketing and Opting-Out 

We will only contact you by email about our work and its progress if you have asked us to do so. If you have changed your mind and would prefer us not to contact you, then you can opt out at any time.  See further “Your Rights in relation to your information” below. 

Use of cookies in connection with the website and our Cookie Policy  

Cookies are small files saved to your computer’s hard drive that track, save and store information about your interactions and usage of our website. Cookies allow us to store your preferences to correctly present content, options or functions throughout our website. They also enable us to see information like how many people use our website and what pages they tend to visit. 

Cookies have different durations. Temporary cookies, such as those only valid for your browsing session, expire when you close your browser.  Permanent cookies, however, will remain on your computer for a longer period until you delete them.  We may also use the information gathered from Cookies to compile reports to improve the functionality and user experience of our website. 

Cookies can be set by different actors. Typically, this occurs in two cases: 

  • First-party cookies: These are cookies set by this website for our visitors. 
  • Third-party cookies: These which are typically set by other websites whose features run on our website (such as social media plugins). We do not control the use of third-party cookies. Some third-party cookies may be set by Google. For more information regarding Google’s use of cookies, please see Google’s  Cookie Policy. 

Cookies have different purposes. We typically use the following cookies: 

  • Functional Cookies: Cookies that are strictly necessary to enable you to move around our websites or to provide certain basic features. This includes basic features such as playing videos, and storing information already entered (e.g. username, language, location). These include: 
  • WordPress (WordPress_sec, wordpress_logged_in, PHPSESSID, euCookie, wpfuuid): These cookies are required by our website software and store no personal information. Duration: Session only; 
  • Complianz cookies (cmplz_all, cmplz_choice, cmplz_id, cmplz_stats, cmplz_consent_status): These record which cookies you consent to. Duration: 1 year (consent is stored for 62 years). 
  • Statistics: Cookies that monitor the popularity of sections of our website. These include: 
  • Google Analytics (_ga, _gat, _gid, analytics.js): Used to understand how users navigate through our website. This service is provided by Google Inc. Duration: Session cookies; others maximum 2 years. 
  • Marketing: These cookies may track users and display advertisements relevant to them but can also include some otherwise functional cookies. The websites use Captcha to ensure that registration and queries come from real people. This is classified as a Marketing cookie, and in order to register as a User or to use the Simple Contact Form Users must consent to Marketing cookies. The websites make no other use of Marketing cookies. 

Your rights in relation to cookies. 

We generally only place cookies with your consent when you first visit this website, apart from for Functional cookies, which are mandatory for this website to operate. If you want to avoid this website placing Statistics and Marketing Cookies on your browser, you can choose to deselect all cookies besides the Functional Cookies on visiting this website. You may also set your browser settings to attempt to reject all cookies or manually delete the Cookies and may still use this website. 

Information Security 

We will use technical and organisational measures to safeguard your personal information from being accidentally lost, used or accessed in an unauthorised manner, altered or disclosed. In particular, we use strict access and authentication controls on our databases, and, where possible, use encryption in transit when sharing files via email. 

Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the Internet is not entirely secure, and for this reason we cannot guarantee the security or integrity of any personal data or other information that is transferred from you or to you via the Internet. 

Additionally, we have put into place procedures to deal with any suspected data breach and will notify you of such when we are legally required to do so. 

Updating your details 

If any of the information that you have provided to us changes, please let us know the correct details by sending an email to SMDASO@gemserv.com where we have the facility to log in to the website and update any user details. 

Storage of your personal data 

We will only retain your personal data for as long as necessary to fulfil the purposes we have collected it for (as outlined above), or as long as we are required to maintain it by law. 

Purpose of Processing  Retention Period 
Accessions to the SEC code  Duration of membership of SEC, otherwise up to one year 
To send documentation to, and ensure quoracy of meetings with, members  Duration of membership of SEC/Committee/Board (whichever is longer) 
To allow website users to sign up to our newsletter  Duration of membership  
To carry out assessments under the SEC  Duration of membership of the SEC 
To register to Codeworks to view digitised SEC  5 years 
To respond to communications, including enquiries and complaints, received through our website contact form  7 years 
When current SMDA Members who are not SEC Parties apply to continue accessing SMDA material   Duration of membership of the SMDA 
SEC Parties requesting access to SMDA materials   Duration of membership of the SMDA/SEC 
When you submit online forms, including the Accession application form, Smart Energy Code (SEC) Party contact form, Change of Party Details form, Security Assessment Application form, etc.;  Duration of membership of SMDA/SEC 
To register for a user account  For the duration of your membership of SMDA/SEC 
To respond to questionnaires and surveys  For as long as you consent to this processing, or 6 years 
To process invoices  7 years 
To process device assurance  For the duration of membership of SMDA 

Use of your personal information submitted to other websites

SECCo/Gemserv cannot be responsible for the privacy policies and practices of other non-SECCo websites, even if you accessed the third-party website using links from our website, or you linked to our website from a third-party website.

We may need to transfer your personal information to countries located outside of the European Economic Area for the purposes of providing our services to you. Rest assured that we will always ensure any such transfer is subject to appropriate security measures to safeguard your personal information.

Your Rights in relation to your information

Under certain circumstances, you may have certain rights under data protection laws in relation to your personal data which are as follows:

Request access to your personal data – This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of your personal data – This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data – This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.

Object to processing of your personal data.

Request restriction of processing your personal data – This enables you to ask us to suspend the processing of your personal data in specific circumstances.

Request transfer of your personal data to you or to a third party – We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.

Right to withdraw consent, where consent has been given to the processing.

You can write to us to request access to your personal information and other rights at:

Smart Energy Code Company Limited

77 Gracechurch Street

London

EC3V 0AS

We will require proof of your identity before responding to any request from you.

In addition, if you have any enquiry about this Privacy Policy or data protection practices, please write to the Legal Department at the above address.

You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) on any data protection issues.

Contact Information

If you have any questions about this privacy policy or our privacy practices, please email us at dataprivacy@gemserv.com.

We may change this Privacy Policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access the website.

These terms shall be governed by and construed in accordance with the laws of England and you and we agree to submit to the exclusive jurisdiction of the courts of England and Wales.