Privacy Policy

Introduction

EPC Certs (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our website (www.epccerts.co.uk), book an Energy Performance Certificate (EPC) assessment, or otherwise interact with our services.
We operate in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this policy carefully to understand our practices regarding your personal data.

Who We Are

EPC Certs is a trading name operated and powered by EICRCERT Ltd, a company registered in England and Wales

Website: www.epccerts.co.uk
Email: info@epccerts.co.uk
Phone: 020 3996 3057
Registered Address: 7 Coronation Rd, London NW10 7PQ, UK
For the purposes of UK GDPR, EPC Certs (EICRCERT Ltd) is the Data Controller responsible for your personal information.

What Personal Data We Collect

We may collect and process the following categories of personal data:

Identity & Contact Information

Property & Assessment Information

Booking & Transaction Data

Communications Data

Technical & Usage Data

This data is collected using cookies and standard web analytics tools. Please refer to Section 9 (Cookies) for more information.

How We Collect Your Data

We collect personal data in the following ways:

• Directly from you — when you book an EPC assessment, complete an online form, call us, or send an email.
• Through our website — via cookies, analytics tools, and booking/payment systems.
• From third parties — such as letting agents, property developers, or solicitors who refer a property on your behalf.
• From the official UK EPC Register — where relevant to confirming existing certificate details.

How We Use Your Data

We use your personal data for the following purposes:

• To fulfil your booking and deliver our services: scheduling assessments, dispatching accredited assessors, and issuing EPC certificates.
• To register your EPC: lodging your certificate on the official UK EPC Register as required by law.
• To process payments: collecting fees and issuing invoices or receipts.
• To communicate with you: providing booking confirmations, updates, reminders, and follow-up support.
• To comply with legal obligations: meeting requirements under the Energy Performance of Buildings Regulations, UK GDPR, and other applicable legislation.
• To improve our services: analysing website usage and customer feedback to enhance our platform and service quality.
• To send marketing communications: only with your explicit consent, and you may opt out at any time.

Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases to process your personal data:

• Contract performance (Article 6(1)(b)): Processing is necessary to fulfil our booking and EPC assessment contract with you.
• Legal obligation (Article 6(1)(c)): We are required to lodge EPCs on the official register and comply with UK building and energy regulations.
• Legitimate interests (Article 6(1)(f)): To improve our services, manage business operations, and maintain records — where these interests are not overridden by your rights.
• Consent (Article 6(1)(a)): For any marketing communications or use of non-essential cookies, where we request and obtain your explicit consent.

How We Share Your Data

We do not sell or rent your personal data to third parties. We may share your data only in the following circumstances:

• Accredited EPC Assessors: Our qualified assessors access your property and booking details solely to carry out the assessment.
• The UK EPC Register (MHCLG / Landmark): Your EPC is lodged on the official national database as required by UK law. This is a statutory obligation.
• Accreditation Bodies: Such as Elmhurst Energy, for the purposes of quality assurance and assessor accreditation compliance.
• Payment Processors: Secure third-party payment providers process your payment. They are bound by their own privacy and data security standards.
• IT and Software Service Providers: Including our website hosting provider, booking system, and CRM software — all operating under strict data processing agreements.
• Professional Advisors: Such as legal, accounting, or insurance advisors, when required for business purposes.
• Law Enforcement or Regulatory Authorities: Where we are required to do so by law, court order, or in response to legitimate requests from public authorities.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements.

• EPC-related records are retained for a minimum of 10 years, in line with EPC validity periods and regulatory compliance requirements.
• Booking and payment records are retained for 6 years in accordance with HMRC requirements.
• Marketing and communication preferences are retained until you withdraw your consent.
• Website usage data collected via cookies is retained in accordance with our Cookie Policy (see Section 9).
Once data is no longer required, it is securely deleted or anonymised.

Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

• Right of access: You may request a copy of the personal data we hold about you (a Subject Access Request).
• Right to rectification: You can ask us to correct any inaccurate or incomplete information.
• Right to erasure: You may request that we delete your data, subject to legal obligations that require us to retain it.
• Right to restriction: You can ask us to limit how we process your data in certain circumstances.
• Right to data portability: You may request your data in a structured, machine-readable format for transfer to another provider.
• Right to object: You can object to processing based on legitimate interests or direct marketing at any time.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
• Right to lodge a complaint: You have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.
To exercise any of these rights, please contact us at info@epccerts.co.uk. We will respond within 30 days.

Cookies

Our website uses cookies to enhance your browsing experience and help us understand how visitors interact with our site. Cookies are small text files placed on your device.

We use the following types of cookies:

• Essential cookies: Required for the website to function correctly, including booking and payment systems.
• Analytics cookies: Used to collect anonymous information about how visitors use our site (e.g., Google Analytics).
• Marketing cookies: Used to deliver relevant content and advertising, only with your consent.

You can manage or disable cookies through your browser settings at any time. Note that disabling certain cookies may affect website functionality.

Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it from unauthorised access, loss, or misuse. These measures include:

• Secure HTTPS encryption on our website
• Password-protected internal systems with restricted access controls
• Encrypted data transmission for bookings and payments
• Regular security assessments and software updates
• Staff training on data protection and confidentiality

While we take all reasonable precautions, no data transmission over the internet is entirely secure. If you have concerns about the security of your data, please contact us immediately.

International Transfers

We primarily store and process your data within the United Kingdom. Where any data is transferred outside the UK (for example, through cloud-based software providers), we ensure appropriate safeguards are in place in accordance with UK GDPR, including adequacy decisions or Standard Contractual Clauses (SCCs).

Third-Party Links

Our website may contain links to external websites operated by third parties. We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

Children's Privacy

Our services are intended for adults and professional property owners, landlords, and businesses. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

Marketing Communications

We may send you information about our services, offers, or relevant EPC regulatory updates by email or other means, but only where you have given your consent to do so.
You can unsubscribe from marketing communications at any time by clicking the unsubscribe link in any email or by contacting us at info@epccerts.co.uk. Opting out will not affect communications related to your bookings or legal obligations.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make changes, we will:

• Update the ‘Effective Date’ at the top of this policy
• Post the revised policy on our website at www.epccerts.co.uk
• Notify you by email where the changes are significant

We encourage you to review this policy periodically. Continued use of our services after changes are posted constitutes your acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Data Controller: EPC Certs (operated by EICRCERT Ltd)
Email: info@epccerts.co.uk
Phone: 020 3996 3057
Website: www.epccerts.co.uk

If you are not satisfied with how we handle your complaint, you have the right to contact the Information Commissioner’s Office (ICO):

Website: ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF