1. Home
  2. Privacy Policy

Privacy Policy

The Code Administration Code of Practice (CACoP) is established to improve consistent and transparent ways of working between energy industry Code Administrators. The CACoP Forum meets regularly to consider best practice in this area. The purpose of this website is to present relevant documentation to energy code users in a single repository

This privacy notice sets out the basis on which we will process information, including personal data, you provide to us or that we collect for the purposes of carrying out duties and functions.

1. Who are we

Gemserv was appointed by the CACoP Members to develop and maintain the CACoP Website.

Full company details of Gemserv are as follows:

Name: Gemserv Limited, Company number 04419878
Registered office address: 77 Gracechurch Street, London, EC3V 0AS

For more information about how Gemserv process personal data, please see the privacy notice here: Privacy Policy – Gemserv. If you have any questions about this privacy policy or our privacy practices, please contact us at dataprivacy@gemserv.com.

2. Purposes for which we will process personal information

We will only use personal data when the law allows us to. Most commonly, we will use personal data in the following circumstances:

  • Where we have your consent to do so
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.

We have set out below, a description of all the ways we plan to use personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.

Type of data
Legal basis
Retention period
Email addressTo keep you updated with our newsletterConsentFor the duration of CACoP services, unless you unsubscribe
Full name, Email address, Subject, MessageTo respond to queries received on our website contact us formLegitimate interest to respond to queries6 years

This website also uses cookies. For more information on the use of cookies, please see below.

3. Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse the website and also, allows us to improve our site. We use the following cookies:

Retention period
Session hash (PHPSESSID)Used to authenticate users on the websiteDuration of session
Google Analytics (_ga)Used to understand how users navigate through our website. The service is provided by GoogleTwo years
Google Analytics (_gat)Used to understand how users navigate through our website. The service is provided by Google10 minutes
wp-settings-1, wp-settings-time-1These cookies are required by our website software and do not store personal data.1 year
Cookieconsent_dismissedUsed to check if you have accepted that our site uses cookies and prevents the cookie notification from reappearing if it was accepted1 year

We then use the information gathered to compile reports to improve the functionality and user experience of our website. All information collected is anonymous.

Please also see our cookie banner for more information on the type of cookies processed and retention periods.

4. Data Retention

Any personal data we hold will be stored for only if it is required to fulfil the purposes above, including for the purposes of satisfying any legal, regulatory or reporting requirements.

5. International Transfer of Personal Data

We do not transfer your personal data outside the UK or European Economic Area. We ensure that all contracts with third parties or service providers we use, include limitations on international transfers of personal data.

6. Data Security

We will use technical and organisational measures to safeguard personal information from being accidentally lost, used or accessed in an unauthorised manner, altered or disclosed. In addition, we limit access to personal data to those employees and third parties who have a business need to know. They will only process personal data on our instructions and they are subject to a duty of confidentiality.

Additionally, we have put into place procedures to deal with any suspected data breach and will notify you and the supervisory authority of a breach, where we are legally required to do so.

7. Sharing Data with Third Parties

We will not share any data with a third-party except:

  • where we are under a legal, regulatory or professional obligation to disclose this information, such as for the detection or prevention of fraud or any other criminal offence, or to protect our contractual or other rights, property, or safety or those of others;
  • where we, or substantially all our assets, are merged or acquired by a third party, in which case this information may form part of the transferred or merged assets; or
  • where we are using a third-party service provider to provide services that could involve data processing, such as service provider hosting our database.

We require third parties to respect the security of personal data and treat it in accordance with the law. Additionally, we do not allow third parties to use personal data for their own purposes and only permit them to process your data for specified purposes and in accordance with our instructions.

8. Links to Third Party Websites

If you follow a link to any third-party website, please be aware that these websites have their own privacy policy and that we do not accept any responsibility or liability for their policies. Please check these policies before you submit any personal data to these websites.

9. Your Rights

Under certain circumstances, you have certain rights under data protection laws in relation to your personal data which are as follows:

  • Request access to your personal data – This enables you to receive a copy of the personal data we process about you and to check that we are lawfully processing it.
  • Request correction of your personal data – This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data – This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data – This enables you to ask us to suspend the processing of your personal data in specific circumstances.
  • Request transfer of your personal data to you or to a third party – We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.

You can write to us to request access to your personal information and exercise any other rights. Please see contact information in ‘Contact Us’ section.

Where you exercise certain rights, including to request access, correction, rectification, restriction or erasure of personal data, we may require proof of your identity before responding to any request from you. This is to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We will respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

10. Changes to our policy

We keep this policy under regular review and may be amended by us at any time. Any updated version of this policy will be published on our website.

This policy was last reviewed on 26/10/2021.

11. Contact Us

If you have any specific questions related to this privacy notice, our privacy practices or would like to exercise your rights, please email us at dataprivacy@gemserv.com.