Privacy Policy »

Privacy Policy

Effective from 13th September 2021.

This Website is brought to you by Gemserv on behalf of MRASCo. We take the privacy of our website users very seriously. We ask that you read this Privacy Policy (“the Policy”) carefully as it contains important information about how we will use your personal information in accordance with the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. For the purposes of relevant Data Protection Legislation, Gemserv Ltd (“Gemserv”) and MRASCo Ltd (“MRASCo”) are ’Controllers’ (i.e. responsible for and controls the processing of your personal information).

Our use of any information we collect about you when you visit the Website will be governed by this Privacy Policy. This Privacy Policy should be read in conjunction with the Terms and Conditions of Use of the Website.

This Privacy Policy only covers information collected by MRASCo through this website or otherwise in the course of MRASCo’s services, including the administration of the Master Registration Agreement (MRA), which outlines rules associated with the electricity Supplier registration process for Great Britain, incorporating Green Deal obligations, and the Industry Contacts Database.

Importance notice: MRASCo previously operated the Electricity Central Online Enquiry Service (ECOES) database, which is a market information system supporting the electricity customer transfer process in Great Britain, and Green Deal Central Charge (GDCC) database, which is a database that includes information related to the collection and remittance of Green Deal charges between Green Deal Licensees (i.e. Electricity Suppliers) and Green Deal Providers.

These databases are now operated by the Retail Energy Code Company Ltd. (RECCo), with responsibilities for administering the Retail Energy Code (REC). Enquiries for data processed on or relating to ECOES or the GDCC should now be directed to RECCo. For more information about RECCo, please visit RECCo’s website here and Privacy Policy here. This website continues to refer to other information processed by MRASCo for services related to the administration of the Master Registration Agreement (MRA).

This website is not intended for children, and we do not knowingly collect data relating to children. This website is also not intended to cover personal data processed for recruitment or employment purposes.

If you have any questions about this privacy policy or our privacy practices, please email us at dataprivacy@gemserv.com.

Who are we?

MRASCo operates the ECOES, the GDCC and the Industry Contacts Databases, while Gemserv maintains the MRASCo website.

Full company details of MRASCo are as follows:

Name: MRA Service Company Limited, Company number 03490321

Registered office address: 8 Fenchurch Place, London, EC3M 4AJ

Full company details of Gemserv are as follows:

Name: Gemserv Limited, Company number 04419878

Registered office address: 8 Fenchurch Place, London, EC3M 4AJ

If you have any questions about this privacy policy or our privacy practices, please email us at dataprivacy@gemserv.com.

Personal Information Collected

Typically, we process the personal information of staff at energy market participants, including energy suppliers, distributed network operators, meter operators, and other organisations operating in the energy market, as well as limited energy consumer data and data collected through users of this website. We typically collect personal information when you:

  • Use or access our services;
  • Make enquiries or send other communications;
  • Submit online forms;
  • Register to receive information or other services from us;
  • Provide them to the Industry Contacts Database;
  • Provide them over the course of audit processes;
  • Subscribe to our newsletters.

We also collect information about household energy consumers, as received from energy suppliers and distributed network operators (DNOs) from the ECOES database to enable energy suppliers and distributors to test their processes prior to going live. For more information about the ECOES database, please see the ECOES Privacy Policy.

The types of personal information collected when you do any of the above could include, for example:

  • Your full name and your role in your organisation;
  • Your organisation’s name and postal address;
  • Telephone and fax numbers;
  • Email address;
  • IP address; and
  • Meter Point Administration Numbers (MPANs)

How we use your Personal Information

We will use your personal information for the purposes described to you at the time you provided your data to us. These purposes include:

  • Providing meeting minutes and documentation related to MRA services;
  • Providing MPANs to energy distributors and suppliers to test their systems prior to supplying their services;
  • Providing services you have requested or performing any contract between yourself and MRASCo;
  • Responding to and keeping a record of any of your enquiries, requests for or other communications from yourself;
  • Sending Newsletters or information about our work and services to keep you informed about related latest developments and changes;
  • Enforcing the terms of any contract between you and us, including our Website Terms and Conditions of Use; and/or
  • Any processing required by any law or regulation and/or requested by regulatory bodies or law enforcement organisations.

We will only use your personal data when the law allows us to. Most commonly, we will your personal data in the following circumstances:

  • Where it is necessary for the performance of a contract between yourself and MRASCo, including our Website Terms and Conditions.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This will include, for example, our legitimate interests in complying with our obligations under the MRA; or where we maintain business communications with energy market participants.
  • Where we need to comply with a legal obligation. This will include storing data to comply with our financial and obligations.

Our communications to you

We will only contact you by email about our work and its progress if you have asked us to do so. If you have changed your mind and would prefer us not to contact you, then you can opt out at any time from the communications by clicking on the unsubscribe option. See further “Your Rights” below.

Storage of your Personal Data

On 1st September 2021, MRASCo ceased offering services under the Master Registration Agreement (MRA). However, we continue to retain certain items of personal data, in accordance with our legal obligations, or in order to ensure the smooth transition of services to RECCo under the Retain Energy Code (REC), in accordance with the How We User Your Personal Information section above.

In particular, we will store personal data for the following periods:

 

Database/Information Personal Data Storage Period
Industry Contacts Database Name
Contact Details
Organisation Details
For the duration of MRA services (unless a party/contact opts out)
MRA Secretariat meeting notes and governance documents Name
Contact Details
Organisation Name
Role within organisation
For the duration of MRA services
Various distribution lists for communications on meeting minutes and related documentation Name
Contact details
Organisation Name
For the duration of MRA services, (unless your company ceases to be a party to the MRA or opt-out)
Market Entry Assessment and Controlled Market Entry process audit reports and party information MRA Parties:
Name
Email address
Organisation NamesEnergy Consumers:
Name
Address
MPANs
For a period of up to 8 years
Entry Assessment Test Database Energy Consumers: MPANs For the duration of MRA services
Newsletter subscription list Name
Email address
Company Name
For the duration of MRA services (unless you unsubscribe)

Disclosure of Your Information

Your information may be disclosed to any or all of the following for the purposes set out above:

  • Our employees, contractors or other personnel;
  • RECCo, once MRASCo services are transferred;
  • Third party service providers who use your personal information to provide services to us.
    • These will include our website and hosting companies, Designamite and C&C Group;
    • They will also include software storage providers we use, such as Huddle and Microsoft Dynamics
  • As necessary in order to investigate, respond to, and address any issues raised by, or any complaint made by, you;
  • As otherwise stated when your information was provided or collected;
  • As otherwise required to enforce the terms of any contract between you and us or to comply with legal or regulatory obligations or requests;
  • Auditors, contractors or other professional advisers of MRASCo; and/or
  • Shareholders, officers or directors of MRASCo.

We require all third parties to respect the security of your personal data in accordance with legal requirements under the current data protection requirements. Additionally, we do not allow third parties to use your data for purposes other than those we have specified.

Transfer from MRASCo to RECCo

From 1st September 2021, MRASCo will cease offering our services and the services provided by MRASCo will instead be provided by the Retail Energy Code Company Limited (RECCo). To transfer this data to RECCo, MRASCo relies on its legitimate interests in complying with Schedule 11 of the MRA, under which MRASCo is obliged not to prejudice the interests of its shareholders, and the legitimate interests of other MRA parties to ensure the continued governance of electricity customer transfer process and remittance of Green Deal charges.

To ensure the seamless transition of energy market services from MRASCo to RECCo, the following data will be transferred:

 

Database/Information Personal Data Legitimate Interest
Industry Contacts Database Name
Contact Details
Organisation Name
To ensure that parties can continue to contact industry parties without disruption to services
Various distribution lists for communications on meeting minutes and related documentation Name
Contact details
Organisation Name
To ensure that all parties continue to receive official meeting documentation
MRA Secretariat meeting notes and governance documents Name
Contact Details
Organisation Name
To ensure that all parties continue to be supported by meetings and governance
Market Entry Assessment and Controlled Market Entry process audit reports and party information MRA Parties:
Name
Email address
Organisation NamesEnergy Consumers:
Name
Address
MPANs
To ensure that historical audit data is available to RECCo and to ensure current audits can continue without disruption.
Entry Assessment Test Database Energy Consumers: MPANs To ensure that energy suppliers and distributors acceding to the MRA can continue to test their processes prior to entering the Controlled Market Entry process
Newsletter subscription list Name
Email address
Company Name
To ensure that you stay up to date with RECCo services once MRASCo is no longer operating

If you would like to request further information about the transfer of your data from MRASCo to RECCo, or to request that your data is excluded from the transfer, please contact your contract manager.

International Transfers

We do not transfer your personal data outside the UK or European Economic Area. We ensure that all contracts with third parties or service providers we use include limitations on international transfers of personal data.

Use of Cookies in connection with the Website

We use cookies on the Website to distinguish you from other users of the Website. This helps us to provide you with a good experience when you browse the Website and also allows us to improve and monitor the use of the Website.

The following is a list of the cookies set by our website, and what each is used for:

  • Google Analytics (_ga) – used to understand how users navigate through our website; the service is provided by Google Inc.;
  • Google Maps – Google may set cookies to store information and preferences about maps or other associated Google services on pages where Google maps are embedded;
  • WordPress (WordPress_sec, wordpress_logged_in, PHPSESSID, euCookie, wpfuuid) – these cookies are required by our website software and store no personal information;
  • Security software cookies (wfvt_, wordfence_verifiedHuman) – used by our security software to protect the Website against malicious attacks.

We then use the information gathered to compile reports to improve the functionality and user experience of our website. All information collected is anonymous.

Please also see our cookie banner for more information on the type of cookies processed and retention periods.

Information Security

We will use technical and organisational measures to safeguard your personal information from being accidentally lost, used or accessed in an unauthorised manner, altered or disclosed.

In particular, we ensure that the following controls are in place on our databases and systems, including, where possible, systems provided by third parties:

  • Appropriate access controls, including role-based access controls, to limit access to personal data to the minimum staff and third parties necessary
  • Authentication controls, including password and two-factor authentication on systems
  • Encryption of data in transit
  • Various network security controls on our systems and environments, including endpoint protection, antivirus/antimalware software, vulnerability scanning and firewalls

Additionally, we have put into place procedures to deal with any suspected data breach and will notify you of such when we are legally required to do so.

Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the Internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal data or other information that is transferred from you or to you via the Internet.

Updating Your Details

If any of the information that you have provided to us changes, please let us know the correct details by sending an email to your MRA Contract Manager, who has the facility to log in to the Website and update any user details.

Use of Your Personal Information Submitted to Other Websites

Gemserv cannot be responsible for the privacy policies and practices of other non-MRASCo websites, even if you accessed the third-party website using links from our Website, or you linked to our Website from a third party website.

We recommend that you check the policy of each website you visit and contact the owner or operator of such website if you have any concerns or questions.

We may need to transfer your personal information to countries located outside of the European Economic Area for the purposes of providing our services to you. Rest assured that we will always ensure any such transfer is subject to appropriate security measures to safeguard your personal information.

Your Rights in Relation to Your Information

Importance notice: MRASCo previously operated the Electricity Central Online Enquiry Service (ECOES) database, which is a market information system supporting the electricity customer transfer process in Great Britain, and Green Deal Central Charge (GDCC) database, which is a database that includes information related to the collection and remittance of Green Deal charges between Green Deal Licensees (i.e. Electricity Suppliers) and Green Deal Providers.

These databases are now operated by the Retail Energy Code Company Ltd. (RECCo), with responsibilities for administering the Retail Energy Code (REC). To exercise your data protection rights in relation to data held by  RECCo, such as that relating to data held on ECOES or the GDCC, please visit RECCo’s website here and Privacy Policy here.

You have several rights in relation to your personal information. In particular:

  • You have the right to request a copy of your personal information;
  • You have the right to request any inaccuracies in your personal information be corrected;
  • You may also ask to have your personal information erased (where appropriate);
  • You have the right to restrict or object to the processing of your personal data; and
  • You have the right to request the transfer of your personal data to a third party.

You can email us us to request access to your personal information and other rights at dataprivacy@gemserv.com. Alternatively, you can write to us at:

MRA Services Company
Data Protection Officer
8 Fenchurch Place
London
EC3M 4AJ

We will require proof of your identity before responding to any request from you.

In addition, if you have any enquiry about this Privacy Policy or our data protection practices, please write to the Legal Department at the above address.

You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) on any data protection issues.

We may change this Privacy Policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access the Website.

These terms shall be governed by and construed in accordance with the laws of England and you and MRASCo agree to submit to the exclusive jurisdiction of the courts of England and Wales.