Privacy Policy — EPCCertificates.co.uk
Last updated: 8 November 2025
This Privacy Policy explains how EPCCertificates.co.uk (“we”, “us”, “our”) collects, uses, discloses, and protects personal data when you visit or use our website https://epccertificates.co.uk/ (the “Site”) or contact us. It also explains your rights under UK data protection law (UK GDPR and the Data Protection Act 2018) and how to exercise them.
Short summary
- We collect contact and technical data so we can deliver EPC services and respond to enquiries.
- We use personal data only where we have a lawful basis (usually to perform a contract, legitimate interests, or with your consent).
- We don’t sell your personal data.
- You can request access, correction, deletion, or restriction of your personal data — see “Your rights” below.
- Contact: privacy@epccertificates.co.uk
1. Controller
The data controller for personal data processed through this Site is EPCCertificates.co.uk.
If you need to contact our data protection contact for privacy questions, please email privacy@epccertificates.co.uk.
2. What personal data we collect
We collect only the personal data necessary to provide our services and operate the Site. Typical categories:
Information you give us
- Property details necessary for producing an EPC
Information we collect automatically
- Usage data (IP address, browser type/version, pages visited, referral source, device type, timestamps) via server logs and cookies.
- Location data derived from your IP address (approximate).
Information from third parties
- If you request an EPC through an estate agent or third party, we may receive property details and contact details from that party.
3. How we use your personal data (purposes) and lawful basis
We use personal data for the following purposes:
- To provide EPC services. This includes arranging surveys, producing and delivering EPCs.
- To respond to enquiries and provide customer support (lawful basis: legitimate interests / performance of contract).
- To process payments (lawful basis: performance of a contract) using third-party payment processors.
- To comply with legal obligations (lawful basis: legal compliance), e.g., record keeping for tax purposes and industry regulations.
- To improve our Site and services (lawful basis: legitimate interests), including analytics and troubleshooting.
- To send marketing communications (lawful basis: consent or, where applicable, soft opt-in/legitimate interests). You can opt out at any time (see “Marketing” below).
- Fraud detection and security (lawful basis: legitimate interests and legal compliance).
4. Cookies and tracking
We use cookies and similar technologies to operate the site, improve user experience, and perform analytics.
- Essential cookies — required for the Site to function.
- Performance/analytics cookies — used to understand how the site is used (e.g., Google Analytics). You can opt out of analytics cookies via your browser or cookie settings if available.
- Advertising/marketing cookies — used only if you give consent.
A cookie banner or preference centre will allow you to manage non-essential cookies. Consult your browser settings to block or delete cookies.
5. Sharing and disclosure
We may share personal data in limited circumstances:
- Service providers / subprocessors (e.g., certified assessors, payment processors, email providers, analytics providers). We require them to act only on our instructions and to protect personal data.
- Legal or regulatory requests where required by law, or to respond to lawful requests from public authorities.
- Business transfers — in the event of a merger, sale, reorganisation, or acquisition of our business assets, personal data may be transferred subject to confidentiality and data protection obligations.
We do not sell your personal data.
6. Data retention
We retain personal data only for as long as necessary to fulfil the purposes above, including to:
- Complete the provision of services and any warranty or dispute resolution,
- Comply with legal and regulatory obligations (e.g., tax law),
- Keep records for a reasonable period for legitimate business purposes.
Typical retention periods:
- Booking and EPC records: 7 years (or as required by tax/accounting rules). Adjust to your company policy.
- Marketing consent: until consent is withdrawn or you opt out.
- Analytics logs: anonymised or retained for a limited period (e.g., 12–24 months).
7. Your rights
Under UK GDPR you have rights including:
- Access — request a copy of personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure (right to be forgotten) — in certain circumstances you can request deletion.
- Restriction — ask us to limit processing in certain situations.
- Portability — receive your data in a structured, commonly used format where applicable.
- Object — object to processing based on legitimate interests or for direct marketing.
- Withdraw consent — where we process based on consent, you can withdraw it at any time.
To exercise your rights, contact privacy@epccertificates.co.uk. We may ask for proof of identity before responding. We will respond within one month (this may be extended by up to two months if requests are complex).
If you are unhappy with our response you have a right to lodge a complaint with the UK Information Commissioner’s Office (ICO) — ico.org.uk.
8. Security
We implement appropriate technical and organisational measures to protect personal data (e.g., encryption in transit, access controls, secure hosting, staff training). While we aim to protect your data, no system is completely secure — if a data breach occurs that poses a risk to your rights and freedoms we will notify you and the ICO where required by law.
9. Children
Our services are intended for adults. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, please contact us at privacy@epccertificates.co.uk so we can delete it.
10. Marketing communications
We will only send marketing emails if you have given consent or where there is a legitimate relationship and you have not opted out. Each marketing email includes an unsubscribe link. You can also opt out by emailing privacy@epccertificates.co.uk.
11. Links to other websites
Our Site may contain links to third-party websites. This policy does not cover those websites; please read their privacy policies before providing personal data.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will indicate the date of the latest revision at the top. Where changes are significant, we will provide a more prominent notice.
13. Contact us
If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact:
Email: privacy@epccertificates.co.uk
Postal: (Add your business postal address here)
Data Protection Officer: (If you have an appointed DPO, include name and contact details.)