Certify ("we", "us", "our") is committed to protecting and respecting your privacy. This policy explains how we collect, use, store and protect your personal data when you book an Energy Performance Certificate (EPC) through this website or interact with our services. It is written to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Certify is the data controller for the personal information collected through this website. For any privacy queries you can contact us at hello@certify-epc.co.uk.
2. What data we collect
- Identity & contact data: full name, email address, phone number.
- Property data: property address, postcode, property type, reason for the EPC, key collection / access information and any free-text notes you provide.
- Technical data: IP address, browser type and version, device information and pages visited (collected via standard server logs and privacy-respecting analytics).
- Transaction data: records of EPCs booked, completed and lodged on the official register.
3. How we use your data and our lawful basis
- To deliver the EPC service you booked — performance of a contract.
- To contact you about your appointment (call, SMS, email) — performance of a contract.
- To lodge the EPC on the official government EPC register — legal obligation.
- To respond to enquiries — our legitimate interests in operating the business.
- For accounting, fraud prevention and record-keeping — legal obligation and legitimate interests.
- Marketing follow-up (e.g. EPC renewal reminders) — only with your consent, which you can withdraw at any time.
4. Who we share your data with
We only share your personal data where necessary, with:
- Accredited domestic EPC assessors carrying out your survey.
- The government-approved EPC accreditation scheme and the official EPC register (legal requirement).
- Your estate agent or letting agent, where you have asked us to liaise with them.
- Trusted service providers who help us run the business (e.g. email delivery, CRM, hosting, payments) under written data-processing agreements.
- Regulators, law enforcement and other authorities where required by law.
We do not sell your personal data to third parties.
5. International transfers
Where any of our processors are based outside the UK, we ensure appropriate safeguards are in place (such as the UK International Data Transfer Agreement or adequacy regulations) so your data receives an equivalent level of protection.
6. How long we keep your data
- Lead / booking information not converted into an EPC: up to 12 months.
- Completed EPC records and associated correspondence: 10 years (to align with the validity period of an EPC).
- Financial and tax records: 6 years, as required by HMRC.
7. How we protect your data
We use industry-standard technical and organisational measures including TLS encryption in transit, access controls, secure cloud infrastructure and least-privilege permissions. Our staff and assessors are bound by confidentiality obligations.
8. Your rights under UK GDPR
You have the right to:
- Be informed about how your data is used.
- Access a copy of the personal data we hold about you.
- Have inaccurate or incomplete data corrected.
- Have your data erased ("right to be forgotten"), subject to legal retention.
- Restrict or object to certain processing.
- Data portability — receive your data in a structured, machine-readable format.
- Withdraw consent at any time where we rely on consent.
- Not be subject to solely automated decision-making.
To exercise any of these rights, email hello@certify-epc.co.uk. We will respond within one calendar month.
9. Cookies
We use only essential cookies required to run the site, plus privacy-respecting analytics to understand how the site is used. We do not use advertising or cross-site tracking cookies. You can control cookies via your browser settings.
10. Complaints
If you are unhappy with how we have handled your personal data, please contact us first so we can try to resolve it. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
11. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated where appropriate.