Privacy Policy

Last updated: 17 March 2026

1. Introduction

Direct EPC is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website and services, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Direct EPC is the data controller responsible for your personal data. If you have any questions about this policy or our data practices, please contact us at info@directepc.co.uk.

3. Information We Collect

We collect the following types of personal information:

  • Identity Data: Full name, email address, and telephone number provided during booking
  • Property Data: Property address, type, number of bedrooms, and other details necessary for the EPC assessment
  • Payment Data: Payment card details are processed securely by Stripe and are not stored on our servers. We retain Stripe transaction references for our records
  • Technical Data: IP address, browser type, device information, and cookies (see our Cookie Policy)
  • Communication Data: Records of correspondence between you and our team, including emails and notes

4. How We Use Your Information

We use your personal data for the following purposes:

  • To process and fulfil your EPC booking
  • To assign an energy assessor and coordinate the assessment appointment
  • To process payments via Stripe
  • To communicate with you about your booking, appointment, and certificate
  • To create and manage your customer account
  • To comply with legal obligations, including lodging the EPC on the official register
  • To improve our services and website functionality

5. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract: Processing necessary to fulfil the service you have booked
  • Legal Obligation: Processing required to comply with EPC regulations and tax requirements
  • Legitimate Interests: Processing necessary for improving our services and communicating with you about your booking
  • Consent: Where we send marketing communications (you may opt out at any time)

6. Data Sharing

We may share your personal data with the following third parties:

  • Energy Assessors: Your name, contact details, and property information are shared with the assigned assessor to carry out the assessment
  • Stripe: Payment processing partner — subject to Stripe's Privacy Policy
  • EPC Register: Certificate data is lodged on the official government register as required by law
  • Legal and Regulatory Bodies: Where required by law or regulation

We do not sell your personal data to third parties.

7. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy. Specifically:

  • Booking and assessment records: 10 years (aligned with EPC validity period)
  • Payment records: 7 years (as required for tax and accounting purposes)
  • Customer accounts: Until you request deletion
  • Communication records: 3 years from the date of last contact

8. Your Rights

Under the UK GDPR, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate personal data
  • Right to Erasure: Request deletion of your personal data (subject to legal obligations)
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Request your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests or direct marketing

To exercise any of these rights, please contact us at info@directepc.co.uk. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption of data in transit (SSL/TLS), secure hosting, access controls, and regular security reviews.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this policy periodically.

11. Contact Us

If you have any concerns about how we handle your personal data, or wish to make a complaint, please contact us at info@directepc.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.