1. Home
  2. Privacy Policy

Privacy Policy

We are the gas Performance Assurance Framework Administrator (PAFA). Our purpose is to support the Performance Assurance Committee (PAC) and administer the Performance Assurance Framework (PAF) as the PAC provide assurance that the gas settlement regime is effective for the gas industry where no party adversely impacts another party as a result of its failure to operate to the defined settlement regime.

This privacy notice sets out the basis on which we will process information through our website: thegpap.co.uk

1. Who we are

Gemserv is appointed into the role of the Performance Assurance Framework Administrator (PAFA).
Full company details of Gemserv are as follows:

Name: Gemserv Limited, Company Number 04419878
Registered office address: 77 Gracechurch Street, London, EC3V 0AS

The Performance Assurance Framework Administrator is a role defined in the Uniform Network Code (UNC) and whose responsibilities are described in the Performance Assurance Framework (PAF). As required in the UNC, Xoserve, in its role as the Central Data Services Provider (CDSP), competitively procure the services of the PAFA and Gemserv has been appointed into the role since 2017.

For more information about how Gemserv process personal data, please see the privacy notice here: Privacy Policy – Gemserv. If you have any questions about this privacy policy or our privacy practices, please contact us at dataprivacy@gemserv.com.

2. Personal Data Collected

We typically collect personal data from you when you use our Website, including when you:

  • Use or access our Website; and
  • Submit online forms

The types of personal data collected when you do the above include your:

  • Name
  • Email address
  • Contact number
  • Company name
  • Contents of messages
  • IP address and information collected through cookies

 3. Use of Personal Data

We will use your personal data for the purposes described to you at the time you provided your data to us. These purposes include:

  • Responding to and keeping a record of your enquiries
  • Enforcing the terms of any contract between you and us, including our Website Terms of Service;
  • Improving your website experience, such as through the use of Cookies; and
  • Any processing required by any law or regulation and/or requested by regulatory bodies or law enforcement organisations

We process your personal data on the following lawful bases:

  • Consent: where you provide explicit permission for the processing of your personal data, e.g. for the use of cookies
  • Contractual obligation: where we are enforcing the terms of a contract with you, such as the Website Terms of Service
  • Legal requirement: where we are legally required to process your personal data
  • Legitimate interest: where it is in our legitimate interest to do so, e.g. to respond to your queries

4. Retention of Personal Data

We will retain your personal data for the following duration:

Category of Data Retention Period Legal Basis
Personal data collected through contact forms 7 years Legitimate interest to retain your communications with us in case of future legal claims
Cookies Data See retention periods below in Cookies section. Consent


5. Disclosure of Personal Data

Your personal data may be disclosed to any or all of the following:

  • Our website developers, Farrows Ltd, who are based in the UK
  • Our website hosting providers, Flywheel, who are based in the UK
  • Gemserv’s employees, contractors or other personnel
  • As necessary in order to investigate, respond to, and address any issues or complaints raised by you
  • As otherwise stated when your information was provided or collected
  • As otherwise required to comply with legal or regulatory obligations or requests

6. Cookies

Cookies are small files saved to your computer’s hard drive that track, save and store information about your interactions and usage of our website. Cookies allow us to store your preferences to correctly present content, options or functions throughout our website. They also enable us to see information like how many people use our website and what pages they tend to visit.

Cookies have different duration’s. Temporary cookies, such as those only valid for your browsing session, expire when you close your browser.  Permanent cookies, however, will remain on your computer for a longer period until you delete them.  We may also use the information gathered from Cookies to compile reports to improve the functionality and user experience of our website.

Cookies can be set by different actors. Typically, this occurs in two cases:

  • First-party cookies: These are cookies set by this website for our visitors.
  • Third-party cookies: These which are typically set by other websites whose features run on our website (such as social media plugins). We do not control the use of third-party cookies. Some third-party cookies may be set by Google. For more information regarding Google’s use of cookies, please see Google’s Cookie Policy.

Cookies have different purposes. We typically use the following cookies:

Functional Cookies: Cookies that are strictly necessary to enable you to move around our websites or to provide certain basic features. This includes basic features such as playing videos, and storing information already entered (e.g. username, language, location). These include:

  • WordPress (WordPress_*): These cookies are required by our website software and store no personal information. Duration: Session only;
  • Complianz cookies (cmplzDashboardDefaultsSet, cmplzFormValues, complianz_policy_id, cmplz_stats, cmplz_marketing, complianz_consent_status): These record which cookies you consent to. Duration: 1 year.

Statistics: Cookies that monitor the popularity of sections of our website. These include:

  • Google Analytics (_ga, _ga*): Used to understand how users navigate through our website. This service is provided by Google Inc. Duration: Session cookies; others maximum 2 years.

Marketing: These cookies may track users and display advertisements relevant to them but can also include some otherwise functional cookies. The GPAP website uses Captcha to ensure that registration and queries come from real people. This is classified as a Marketing cookie, and to use the Contact Form, Users must consent to Marketing cookies. The GPAP website makes no other use of Marketing cookies.

Your rights in relation to cookies.

We generally only place cookies with your consent when you first visit this website, apart from for Functional cookies, which are mandatory for this website to operate. If you want to avoid this website placing Statistics and Marketing Cookies on your browser, you can choose to deselect all cookies besides the Functional Cookies on visiting this website. You may also set your browser settings to attempt to reject all cookies or manually delete the Cookies and may still use this website.

7. International Transfer of Personal Data

We do not transfer any data, anonymous or otherwise, outside of the UK.

8. Data Security

We use technical and organisational measures to safeguard personal information from being accidentally lost, used or accessed in an unauthorised manner, altered or disclosed. In addition, we limit access to data to those employees and third parties who have a business need to know. They will only process data on our instructions and they are subject to a duty of confidentiality.

9. Links To Third Party Websites

If you follow a link to any third-party website, please be aware that these websites have their own privacy policy and that we do not accept any responsibility or liability for their policies. Please check these policies before you submit any personal data to these websites.

This website links to Egress, which facilitates secure data storage and communications. For more information about how Egress’ process personal information, please see their privacy notice here: Website Privacy Policy | Legal | Egress.

10. Your Rights

Under certain circumstances, you may have certain rights under data protection laws in relation to your personal data which are as follows:

  • Request access to your personal data – This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of your personal data – This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data – This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data – This enables you to ask us to suspend the processing of your personal data in specific circumstances.
  • Request transfer of your personal data to you or to a third party – We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
  • Right to withdraw consent, where consent has been given to the processing.

You can exercise your rights at any time by contacting us at: dataprivacy@gemserv.com, or by writing to us at:

Performance Assurance Framework Administrator
77 Gracechurch Street

We will require proof of your identity before responding to any request from you.

In addition, if you have any enquiry about this Privacy Policy or data protection practices, please write to the Legal Department at the above address.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

11. Changes To Our Policy

We keep this policy under regular review and may be amended by us at any time. Any updated version of this policy will be published on our website.

This policy was last reviewed on 31/01/2022.

12. Contact Us

If you have any specific questions related to this privacy notice, or our privacy practices, please email us at dataprivacy@gemserv.com.